Windows Analysis Report
ScreenBeam_Conference_Windows.msi

Overview

General Information

Sample name: ScreenBeam_Conference_Windows.msi
Analysis ID: 1367930
MD5: 80744017cd0ede4bc3c925568c88fac5
SHA1: 8b9bfca894fd934c37e3b5ac237956a36ac1cf69
SHA256: 3c1b3c446dbaca7916fe7a8294637d831047891de5163bb53d3ca776a37e220e

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Drops executables to the windows directory (C:\Windows) and starts them
Sample is not signed and drops a device driver
Yara detected Generic Downloader
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality to read device registry values (via SetupAPI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries device information via Setup API
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Tries to load missing DLLs

Classification

  • System is w10x64
  • msiexec.exe (PID: 7508 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ScreenBeam_Conference_Windows.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7556 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7600 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 9D34D7427C27ADE329EE17E590582B2F C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8120 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 809CEDDD01300C3B79C7082C58D3525E C MD5: E5DA170027542E25EDE42FC54C929077)
      • rundll32.exe (PID: 8180 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI3424.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5911687 90 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 7228 cmdline: "DefMic.exe" --def MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 7272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 6020 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5913265 100 ByomCustomAction!ByomCustomAction.CustomActions.VerifyDriverBusy MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 7488 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 7572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 7712 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 7256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • DefMic.exe (PID: 2120 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 3620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 7780 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 7788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 3180 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI5838.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5920828 128 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 732 cmdline: "DefMic.exe" --def MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 5796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 2996 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI5C50.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5921859 138 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 2412 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 6148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 6640 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 6664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 8064 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI66B1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5924515 164 ByomCustomAction!ByomCustomAction.CustomActions.RemoveDriver MD5: EF3179D498793BF4234F708D3BE28633)
        • sbdrvmgr.exe (PID: 7060 cmdline: sbdrvmgr.exe" --remove "ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 6548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 3896 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 91905C7D064CD546A55ACF820F5C2603 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 4192 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 2BC6845E5AFE2BC1FD6CEB0BC5219A68 MD5: E5DA170027542E25EDE42FC54C929077)
      • rundll32.exe (PID: 4812 cmdline: rundll32.exe "C:\Windows\Installer\MSI7D4D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5930375 133 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 652 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 1284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 3120 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 2800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 3004 cmdline: rundll32.exe "C:\Windows\Installer\MSI857D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5932421 160 ByomCustomAction!ByomCustomAction.CustomActions.WaitForUnpairDeviceApp MD5: EF3179D498793BF4234F708D3BE28633)
      • rundll32.exe (PID: 2188 cmdline: rundll32.exe "C:\Windows\Installer\MSI9CD1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5938406 168 ByomCustomAction!ByomCustomAction.CustomActions.StopSBUCProcesses MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 2676 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 4460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 3748 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 1344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • DefMic.exe (PID: 6296 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 6308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 6840 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 6876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 6188 cmdline: rundll32.exe "C:\Windows\Installer\MSIB1D1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5943750 220 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 6448 cmdline: "DefMic.exe" --def MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 7868 cmdline: rundll32.exe "C:\Windows\Installer\MSIB702.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5945093 230 ByomCustomAction!ByomCustomAction.CustomActions.SetIsInstallingTrue MD5: EF3179D498793BF4234F708D3BE28633)
      • rundll32.exe (PID: 4904 cmdline: rundll32.exe "C:\Windows\Installer\MSIBD3E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5946671 437 ByomCustomAction!ByomCustomAction.CustomActions.IsDriverBusy MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 7252 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 7196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 5684 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 5672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 7724 cmdline: rundll32.exe "C:\Windows\Installer\MSIC5FA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5948921 452 ByomCustomAction!ByomCustomAction.CustomActions.DisableCampfilters MD5: EF3179D498793BF4234F708D3BE28633)
        • regsvr32.exe (PID: 7704 cmdline: regsvr32" /u /s "C:\Program Files\ScreenBeam\Conference\\app\Filters\x86\SBCamFilter32.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
  • cleanup
No configs have been found
Yara rule match:
Source: C:\Program Files\ScreenBeam\Conference\service\netstandard.dll
Rule: JoeSecurity_GenericDownloader_1
Description: Yara detected Generic Downloader
Author: Joe Security
    No Sigma rule has matched
    No Snort rule has matched

    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbcp.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbkd.sysJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgrJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x64Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x64\wdmdrvmgr.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x86Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x86\wdmdrvmgr.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Windows.WinMD
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\CreateProcessAsUser.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Microsoft.Win32.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\netstandard.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.AppContext.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Concurrent.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.NonGeneric.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Specialized.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.EventBasedAsync.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.TypeConverter.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Console.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Data.Common.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Contracts.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Debug.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.FileVersionInfo.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Process.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.StackTrace.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TextWriterTraceListener.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tools.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TraceSource.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tracing.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Drawing.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Dynamic.Runtime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Calendars.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.ZipFile.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.DriveInfo.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Watcher.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.IsolatedStorage.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.MemoryMappedFiles.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Pipes.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.UnmanagedMemoryStream.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Expressions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Parallel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Queryable.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Http.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.NameResolution.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.NetworkInformation.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Ping.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Requests.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Security.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Sockets.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebHeaderCollection.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.Client.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ObjectModel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Reader.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.ResourceManager.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Writer.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.CompilerServices.VisualC.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Handles.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.RuntimeInformation.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Numerics.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Formatters.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Json.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Xml.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.WindowsRuntime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.WindowsRuntime.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Claims.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Algorithms.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Csp.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Encoding.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.X509Certificates.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Principal.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.SecureString.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Text.RegularExpressions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Overlapped.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.Parallel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Thread.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.ThreadPool.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Timer.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ValueTuple.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.ReaderWriter.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XDocument.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlDocument.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlSerializer.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.XDocument.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Windows.WinMD
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\config1_base.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\ipsee.txt
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libcrypto-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libssl-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\MultiOnvifServer.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\runconfig.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\ssl.ca
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\ssl.key
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\user manual.pdf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\vcruntime140.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\zlibwapi.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\en-US
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\en-US\SBConference.Model.resources.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Interop.NetFwTypeLib.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\config2_base.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Direct3D9.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.DXGI.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Mathematics.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.MediaFoundation.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\BouncyCastle.Crypto.dll
    Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreenBeam Conference 1.0.5.3
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\eula.rtf
    Source: Binary string: dows\exe\DefMic.pdbf source: DefMic.exe, 00000028.00000002.2571020714.0000000000922000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbuser\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\UsersC: source: DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: DefMic.exe, 00000008.00000002.2306218613.0000000000801000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: SBConference.Common.pdb_1 source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: C:\Dev\SVG\Source\obj\Release\net461\Svg.pdb source: Svg.dll.1.dr
    Source: Binary string: \??\C:\Windows\DefMic.pdbCY source: DefMic.exe, 00000031.00000002.2622685356.00000000015C0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2328125476.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.0000000000922000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\agent\_work\66\s\build\ship\x64\SfxCA.pdb source: ScreenBeam_Conference_Windows.msi, MSIC10.tmp.1.dr
    Source: Binary string: Microsoft.Xaml.Behaviors.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: SBConference.Model.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: m,C:\Windows\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306099822.00000000003DA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319666552.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2327585739.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2391984892.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404107204.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2492387801.00000000006FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2570358459.000000000058A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582105899.00000000004FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622008773.00000000012FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2654612124.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: XamlAnimatedGif.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.PDB source: DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdbX+r+ d+_CorDllMainmscoree.dll source: System.ObjectModel.dll.1.dr
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306218613.0000000000801000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.0000000000922000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.1.dr
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSI3ABC.tmp-\DefMic.PDB source: DefMic.exe, 0000000B.00000002.2319666552.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2327585739.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb3 source: DefMic.exe, 0000000F.00000002.2328125476.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb source: DefMic.exe, 00000028.00000002.2571020714.0000000000942000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000088F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: NLog.dll.1.dr
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSI3424.tmp-\DefMic.PDB source: DefMic.exe, 00000008.00000002.2306099822.00000000003DA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb/jIj ;j_CorExeMainmscoree.dll source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000008.00000002.2306218613.0000000000812000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000008.00000000.2300858564.0000000000242000.00000002.00000001.01000000.00000007.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319786140.0000000001192000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000AE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.0000000000936000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582628392.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, 
rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000087F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A78000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: StreamPlayback.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.pdb8" source: DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdb source: DefMic.exe, 00000035.00000002.2655208737.000000000083B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: MahApps.Metro.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: dows\dll\mscorlib.pdb source: DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSI5C50.tmp-\DefMic.PDB source: DefMic.exe, 00000017.00000002.2404107204.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.ResourceManager\4.0.1.0\System.Resources.ResourceManager.pdb source: System.Resources.ResourceManager.dll.1.dr
    Source: Binary string: \mscorlib.pdbr source: DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb* source: System.Diagnostics.Process.dll.1.dr
    Source: Binary string: \??\C:\Windows\DefMic.pdbtD source: DefMic.exe, 00000028.00000002.2571020714.0000000000900000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: Osymbols\exe\DefMic.pdb source: DefMic.exe, 0000002C.00000002.2582105899.00000000004FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: SBConfDiag.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO\4.1.2.0\System.IO.pdb source: System.IO.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\Installer\MSI7D4D.tmp-\DefMic.PDB source: DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: {enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbw source: DefMic.exe, 0000002C.00000002.2582628392.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.PDBc source: DefMic.exe, 00000008.00000002.2306218613.0000000000812000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb{ source: DefMic.exe, 0000000B.00000002.2319786140.0000000001192000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582628392.00000000007DD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ControlzEx.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbF% source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdb#A` source: DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.pdb089T source: DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdb source: DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2328125476.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2392280014.0000000001031000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622685356.00000000015C0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSI7D4D.tmp-\DefMic.pdb6d source: DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: UnpairDeviceApp.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: Microsoft.Xaml.Behaviors.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: =symbols\exe\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306099822.00000000003DA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Data.Common/netfx\System.Data.Common.pdb source: System.Data.Common.dll.1.dr
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.PDB< source: DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: vacscbkd.pdbR source: vacscbkd.sys2.1.dr
    Source: Binary string: dows\exe\DefMic.pdbb}| source: DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: SBConference.Common.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\Installer\MSIB1D1.tmp-\DefMic.pdb source: DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdb source: System.Resources.Writer.dll.1.dr
    Source: Binary string: SBConference.Model.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=065367ComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\rs source: DefMic.exe, 00000035.00000002.2655208737.000000000087F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbbva source: DefMic.exe, 00000008.00000002.2306218613.00000000007CC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: vacscbkd.pdb source: vacscbkd.sys2.1.dr
    Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: ScreenBeamConference.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.pdb. source: DefMic.exe, 00000008.00000002.2306218613.0000000000812000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: Usymbols\exe\DefMic.pdb source: DefMic.exe, 00000035.00000002.2654612124.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdb| source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbD source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb\ source: DefMic.exe, 00000017.00000002.2404230205.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb$*>* 0*_CorDllMainmscoree.dll source: System.Reflection.Primitives.dll.1.dr
    Source: Binary string: mC:\Windows\Installer\MSIB1D1.tmp-\DefMic.pdb source: DefMic.exe, 00000031.00000002.2622008773.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb%| source: DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSI9CD1.tmp-\DefMic.pdb source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdbC source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb] source: DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer\msi-installer\ByomCustomAction\ByomCustomAction\obj\x64\Release\ByomCustomAction.pdb source: rundll32.exe, 00000007.00000003.2296095430.0000014006423000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183953000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.00000231691E2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C469000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A5FDA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580ED9E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A1F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399AC7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A44000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\mscorlib.pdb<S0BWQ source: DefMic.exe, 00000021.00000002.2493051155.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000007.00000003.2296095430.0000014006423000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183953000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.00000231691E2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C469000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A5FDA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580ED9E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A1F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399AC7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A44000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSIB1D1.tmp-\DefMic.PDB source: DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdbb source: DefMic.exe, 00000008.00000002.2306218613.00000000007E2000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: UnpairDeviceApp.pdb^ source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\DefMic.pdbd source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.PDB\+%/ source: DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XPath\4.0.3.0\System.Xml.XPath.pdb source: System.Xml.XPath.dll.1.dr
    Source: Binary string: symbols\exe\DefMic.pdb source: DefMic.exe, 0000000B.00000002.2319666552.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2327585739.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2391984892.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404107204.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622008773.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdb source: DefMic.exe, 0000002C.00000002.2582628392.00000000007DD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256 source: NLog.dll.1.dr
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbe source: DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdbS source: DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdbU source: DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb} source: ScreenBeam_Conference_Windows.msi, MSIE11.tmp.0.dr
    Source: Binary string: \??\C:\Windows\DefMic.pdbqI[ source: DefMic.exe, 00000014.00000002.2392280014.0000000001031000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdbl( source: System.Resources.Writer.dll.1.dr
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbVV0 source: DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.pdb source: DefMic.exe, 00000014.00000002.2391984892.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: SBConference.Service.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.pdb`* source: DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb} source: DefMic.exe, 00000028.00000002.2571020714.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdb9 source: DefMic.exe, 00000031.00000002.2622685356.00000000015C0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.pdb source: DefMic.exe, 0000000B.00000002.2319666552.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2327585739.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\aipackagechainer.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.pdb source: DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\svn\happytimesoft\onvifclient\bin\x64\OnvifClientLibrary.pdb source: OnvifClientLibrary.dll.1.dr
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdb! source: DefMic.exe, 0000000F.00000002.2328125476.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Windows\DefMic.pdbpdbMic.pdb source: DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.0000000000922000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb==x source: DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: dows\exe\DefMic.pdb source: DefMic.exe, 00000017.00000002.2404230205.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb; source: ScreenBeam_Conference_Windows.msi, MSICB5A.tmp.1.dr
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdb source: System.ObjectModel.dll.1.dr
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.pdb source: DefMic.exe, 0000000B.00000002.2319786140.0000000001192000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbp source: DefMic.exe, 00000028.00000002.2571020714.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbW9u'u source: DefMic.exe, 0000000F.00000002.2328125476.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbPly source: DefMic.exe, 0000002C.00000002.2582628392.0000000000793000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306218613.00000000007E2000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2328125476.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.0000000000900000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306218613.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319786140.000000000114E000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622685356.00000000015AC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306099822.00000000003DA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbb3 source: DefMic.exe, 00000017.00000002.2404230205.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.pdb source: DefMic.exe, 00000017.00000002.2404107204.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb^ source: DefMic.exe, 00000014.00000002.2392280014.000000000101D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: DefMic.exe, 00000035.00000002.2655208737.000000000087F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: dows\exe\DefMic.pdb6b source: DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbmp-\DefMic.PDB source: DefMic.exe, 00000021.00000002.2492387801.00000000006FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2570358459.000000000058A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582105899.00000000004FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622008773.00000000012FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2654612124.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: SBConference.ViewModel.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.IsolatedStorage\4.0.2.0\System.IO.IsolatedStorage.pdb source: System.IO.IsolatedStorage.dll.1.dr
    Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000007.00000003.2296095430.0000014006423000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183953000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.00000231691E2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C469000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A5FDA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580ED9E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A1F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399AC7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A44000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: Xsymbols\exe\DefMic.pdb source: DefMic.exe, 00000028.00000002.2570358459.000000000058A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: XamlAnimatedGif.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbll> source: DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306218613.0000000000812000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: System.Windows.Interactivity.dll.1.dr
    Source: Binary string: \??\C:\Windows\mscorlib.pdb, source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdbf> source: DefMic.exe, 00000008.00000002.2306218613.00000000007E2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSI9CD1.tmp-\DefMic.pdb& source: DefMic.exe, 00000028.00000002.2571020714.0000000000922000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdb3 source: DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSI5838.tmp-\DefMic.PDB source: DefMic.exe, 00000014.00000002.2391984892.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\Users\ScreenBeam\Projects\sb-conference-installer\byom-rtsp-client\sbdrvmgr\sbdrvmgr\obj\x64\Release\sbdrvmgr.pdb source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, sbdrvmgr.exe, 0000000D.00000000.2320871905.000002ADB4A52000.00000002.00000001.01000000.0000000C.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, 
rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616339717.000002580D2A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630652716.000002CD386C1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2646143690.0000023999202000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2646059598.0000023999202000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000
    Source: Binary string: SBConference.Common.pdb_1 source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: ScreenBeam_Conference_Windows.msi, MSI9CA1.tmp.1.dr
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb source: System.Diagnostics.Process.dll.1.dr
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb source: DefMic.exe, 0000000F.00000002.2328125476.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582628392.0000000000793000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622685356.00000000015AC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: MahApps.Metro.pdbx& source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\mscorlib.pdb< source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdb<D source: DefMic.exe, 00000028.00000002.2571020714.0000000000900000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb]A^ source: DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XDocument\4.0.11.0\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.1.dr
    Source: Binary string: C:\svn\happytimesoft\onvifclient\bin\x64\OnvifClientLibrary.pdb22 source: OnvifClientLibrary.dll.1.dr
    Source: Binary string: dows\exe\DefMic.pdb! source: DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A78000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.dr
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbc source: DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbb source: DefMic.exe, 00000008.00000002.2306218613.0000000000801000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A78000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: ScreenBeam_Conference_Windows.msi, MSIE11.tmp.0.dr
    Source: Binary string: osymbols\exe\DefMic.pdb source: DefMic.exe, 00000021.00000002.2492387801.00000000006FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: DefMic.exe, 0000002C.00000002.2582628392.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSIBD3E.tmp-\DefMic.pdby source: DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdbC source: DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbE source: DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb source: ScreenBeam_Conference_Windows.msi, MSICB5A.tmp.1.dr
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbq% source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbN source: DefMic.exe, 00000021.00000002.2493051155.0000000000AE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Primitives\4.0.3.0\System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.1.dr
    Source: Binary string: mC:\Windows\Installer\MSI9CD1.tmp-\DefMic.pdb source: DefMic.exe, 00000028.00000002.2570358459.000000000058A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582105899.00000000004FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdba\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindiq source: DefMic.exe, 00000028.00000002.2571020714.0000000000936000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: DefMic.exe, 00000008.00000002.2306218613.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319786140.000000000114E000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2392280014.000000000101D000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.00000000008EC000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582628392.0000000000793000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622685356.00000000015AC000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000083B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Collections.NonGeneric\4.0.3.0\System.Collections.NonGeneric.pdb source: System.Collections.NonGeneric.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb3 source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdb{ source: DefMic.exe, 0000000F.00000002.2328125476.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb== source: DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdbz source: DefMic.exe, 0000000F.00000002.2328125476.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000008.00000002.2306099822.00000000003DA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000008.00000002.2306218613.0000000000812000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000008.00000000.2300858564.0000000000242000.00000002.00000001.01000000.00000007.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319786140.0000000001192000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319666552.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2327585739.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2391984892.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404107204.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2492387801.00000000006FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000AE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.0000000000936000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2570358459.000000000058A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582105899.00000000004FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582628392.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622008773.00000000012FA000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000087F000.00000
    Source: Binary string: \??\C:\Windows\mscorlib.pdbs source: DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Windows\Installer\MSIBD3E.tmp-\DefMic.pdb source: DefMic.exe, 00000035.00000002.2654612124.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbT% source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.1.dr
    Source: Binary string: mC:\Windows\Installer\MSI7D4D.tmp-\DefMic.pdb source: DefMic.exe, 00000021.00000002.2492387801.00000000006FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: m.pdb source: DefMic.exe, 00000008.00000002.2306099822.00000000003DA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319666552.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2327585739.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2391984892.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404107204.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2492387801.00000000006FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2570358459.000000000058A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582105899.00000000004FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622008773.00000000012FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2654612124.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\Dev\SVG\Source\obj\Release\net461\Svg.pdbSHA256 source: Svg.dll.1.dr
    Source: C:\Windows\System32\msiexec.exe File opened: z:
    Source: C:\Windows\System32\msiexec.exe File opened: x:
    Source: C:\Windows\System32\msiexec.exe File opened: v:
    Source: C:\Windows\System32\msiexec.exe File opened: t:
    Source: C:\Windows\System32\msiexec.exe File opened: r:
    Source: C:\Windows\System32\msiexec.exe File opened: p:
    Source: C:\Windows\System32\msiexec.exe File opened: n:
    Source: C:\Windows\System32\msiexec.exe File opened: l:
    Source: C:\Windows\System32\msiexec.exe File opened: j:
    Source: C:\Windows\System32\msiexec.exe File opened: h:
    Source: C:\Windows\System32\msiexec.exe File opened: f:
    Source: C:\Windows\System32\msiexec.exe File opened: b:
    Source: C:\Windows\System32\msiexec.exe File opened: y:
    Source: C:\Windows\System32\msiexec.exe File opened: w:
    Source: C:\Windows\System32\msiexec.exe File opened: u:
    Source: C:\Windows\System32\msiexec.exe File opened: s:
    Source: C:\Windows\System32\msiexec.exe File opened: q:
    Source: C:\Windows\System32\msiexec.exe File opened: o:
    Source: C:\Windows\System32\msiexec.exe File opened: m:
    Source: C:\Windows\System32\msiexec.exe File opened: k:
    Source: C:\Windows\System32\msiexec.exe File opened: i:
    Source: C:\Windows\System32\msiexec.exe File opened: g:
    Source: C:\Windows\System32\msiexec.exe File opened: e:
    Source: C:\Windows\System32\msiexec.exe File opened: c:
    Source: C:\Windows\System32\msiexec.exe File opened: a:

    Networking

    Source: Yara match File source: C:\Program Files\ScreenBeam\Conference\service\netstandard.dll, type: DROPPED
    Source: ScreenBeam_Conference_Windows.msi String found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr, avcodec-58.dll.1.dr, avutil-56.dll.1.dr, Svg.dll.1.dr, System.ObjectModel.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr, avcodec-58.dll.1.dr, avutil-56.dll.1.dr, Svg.dll.1.dr, System.ObjectModel.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr, avcodec-58.dll.1.dr, avutil-56.dll.1.dr, Svg.dll.1.dr, System.ObjectModel.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr, avcodec-58.dll.1.dr, avutil-56.dll.1.dr, Svg.dll.1.dr, System.ObjectModel.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A78000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
    Source: vacscbkd.sys2.1.dr String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
    Source: vacscbkd.sys2.1.dr String found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0
    Source: vacscbkd.sys2.1.dr String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
    Source: vacscbkd.sys2.1.dr String found in binary or memory: http://crl.globalsign.com/root-r3.crl0b
    Source: vacscbkd.sys2.1.dr String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
    Source: vacscbkd.sys2.1.dr String found in binary or memory: http://crl.globalsign.com/root.crl0G
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr, avcodec-58.dll.1.dr, avutil-56.dll.1.dr, Svg.dll.1.dr, System.ObjectModel.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
    Source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A78000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr, avcodec-58.dll.1.dr, avutil-56.dll.1.dr, Svg.dll.1.dr, System.ObjectModel.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr, avcodec-58.dll.1.dr, avutil-56.dll.1.dr, Svg.dll.1.dr, System.ObjectModel.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: System.ObjectModel.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A78000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr, avcodec-58.dll.1.dr, avutil-56.dll.1.dr, Svg.dll.1.dr, System.ObjectModel.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A78000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/NotificationProducer/SubscribeRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/PausableSubscriptionManager/PauseSubscriptionRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/PausableSubscriptionManager/ResumeSubscriptionRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/PullPoint/DestroyPullPointRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/PullPoint/GetMessagesRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/SubscriptionManager/RenewRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/SubscriptionManager/UnsubscribeRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest
    Source: Newtonsoft.Json.dll.32.drString found in binary or memory: http://james.newtonking.com/projects/json
    Source: avcodec-58.dll.1.drString found in binary or memory: http://lame.sf.net
    Source: avcodec-58.dll.1.drString found in binary or memory: http://lame.sf.net64bits../../lame-3.100/libmp3lame/mpglib_interface.c0
    Source: NLog.xml0.1.drString found in binary or memory: http://m.nu/program/util/netcat/netcat.html
    Source: rundll32.exe, 0000000A.00000002.2331973985.0000014523F54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msdn.mic
    Source: rundll32.exe, 0000000A.00000002.2331973985.0000014523F54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msdn.microsoftp
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/dummynamespace/
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/3
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/5
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/ILogReceiverOneWayServer/ProcessLogMessages
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesResponsep
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesT
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/T
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr, avcodec-58.dll.1.dr, avutil-56.dll.1.dr, Svg.dll.1.dr, System.ObjectModel.dll.1.drString found in binary or memory: http://ocsp.digicert.com0
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr, avcodec-58.dll.1.dr, avutil-56.dll.1.dr, Svg.dll.1.dr, System.ObjectModel.dll.1.drString found in binary or memory: http://ocsp.digicert.com0A
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
    Source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A78000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.drString found in binary or memory: http://ocsp.digicert.com0K
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
    Source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr, avcodec-58.dll.1.dr, avutil-56.dll.1.dr, Svg.dll.1.dr, System.ObjectModel.dll.1.drString found in binary or memory: http://ocsp.digicert.com0X
    Source: vacscbkd.sys2.1.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
    Source: vacscbkd.sys2.1.drString found in binary or memory: http://ocsp.globalsign.com/rootr103
    Source: vacscbkd.sys2.1.drString found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U
    Source: vacscbkd.sys2.1.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
    Source: vacscbkd.sys2.1.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
    Source: SBConference.Model.dll.1.drString found in binary or memory: http://schemas.screenbeam.com/resources
    Source: NLog.dll.1.drString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
    Source: vacscbkd.sys2.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0
    Source: vacscbkd.sys2.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
    Source: NLog.xml0.1.drString found in binary or memory: http://sqlite.phxsoftware.com/
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/RemoveAudioEncoderConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/RemoveAudioOutputConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/RemoveAudioSourceConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/RemovePTZConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/RemoveVideoAnalyticsConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/RemoveVideoEncoderConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/RemoveVideoSourceConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/SetAudioDecoderConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/SetAudioEncoderConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/SetAudioOutputConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/SetAudioSourceConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/SetOSD
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/SetSynchronizationPoint
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/SetVideoAnalyticsConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/SetVideoEncoderConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/SetVideoSourceConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/media/wsdl/SetVideoSourceMode
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/network/wsdl
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/FocusMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/FocusMovev
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/GetServiceCapabilitiesq
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/GetUsage
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/PanMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/PanMover
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/RollMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/RollMoveu
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/Stop
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/Stopw
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/TiltMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/TiltMoves
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/ZoomMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/provisioning/wsdl/ZoomMovet
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/ConfigureReceiver
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/ConfigureReceivern
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/CreateReceiver
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/CreateReceiverl
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/DeleteReceiver
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/DeleteReceiverm
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetReceiver
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetReceiverState
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetReceiverStatep
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetReceiverk
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetReceivers
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetReceiversj
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetServiceCapabilitiesi
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/SetReceiverMode
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/SetReceiverModeo
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/CreateRecording
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/CreateRecordingJob
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/CreateTrack
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/DeleteRecording
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/DeleteRecordingJob
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/DeleteTrack
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetRecordingConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetRecordingJobConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetRecordingJobState
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetRecordingJobs
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetRecordingOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetRecordings
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetTrackConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/SetRecordingConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/SetRecordingJobConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/SetRecordingJobMode
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/SetTrackConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/replay/wsdl/GetReplayConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/replay/wsdl/GetReplayUri
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/replay/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/replay/wsdl/SetReplayConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/CreateSchedule
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/CreateSpecialDayGroup
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/CreateSpecialDayGroupe
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/DeleteSchedule
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/DeleteSpecialDayGroup
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/DeleteSpecialDayGroupg
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetScheduleInfo
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetScheduleInfoList
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetScheduleInfoZ
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetScheduleList
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetScheduleState
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetScheduleStateh
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSchedules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetServiceCapabilitiesY
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupInfo
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupInfoList
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupInfoListb
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupInfoa
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupList
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupListd
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroups
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupsc
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/ModifySchedule
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/ModifySchedule_
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/ModifySpecialDayGroup
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/ModifySpecialDayGroupf
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/EndSearch
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/FindEvents
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/FindMetadata
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/FindPTZPosition
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/FindRecordings
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetEventSearchResults
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetMediaAttributes
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetMetadataSearchResults
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetPTZPositionSearchResults
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetRecordingInformation
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetRecordingSearchResults
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetRecordingSummary
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetSearchState
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetConfiguration8
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetConfigurationOptions:
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetConfigurations7
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetRadiometryConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetRadiometryConfiguration;
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetRadiometryConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetRadiometryConfigurationOptions=
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetServiceCapabilities6
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/SetConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/SetConfiguration9
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/SetRadiometryConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/PanTiltSpaces/GenericSpeedSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/PanTiltSpaces/PositionGenericSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/PanTiltSpaces/TranslationGenericSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/PanTiltSpaces/VelocityGenericSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/ZoomSpaces/PositionGenericSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/ZoomSpaces/TranslationGenericSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/ZoomSpaces/VelocityGenericSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/ZoomSpaces/ZoomGenericSpeedSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/CreateAnalyticsModules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/CreateRules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/DeleteAnalyticsModules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/DeleteRules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetAnalyticsModuleOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetAnalyticsModules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetRuleOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetRules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetSupportedAnalyticsModules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetSupportedRules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/ModifyAnalyticsModules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/ModifyRules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/FocusStop
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetCurrentPreset
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetImagingSettings
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetMoveOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetPresets
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetStatus
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/Move
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/SetCurrentPreset
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/SetImagingSettings
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/AddConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/CreateMask
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/CreateOSD
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/CreateProfile
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/DeleteMask
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/DeleteOSD
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/DeleteProfile
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAnalyticsConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioDecoderConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioDecoderConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioEncoderConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioEncoderConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioOutputConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioOutputConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioSourceConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioSourceConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetMaskOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetMasks
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetMetadataConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetMetadataConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetOSDOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetOSDs
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetProfiles
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetSnapshotUri
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetStreamUri
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetVideoEncoderConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetVideoEncoderConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetVideoEncoderInstances
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetVideoSourceConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetVideoSourceConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetVideoSourceModes
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/RemoveConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetAudioDecoderConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetAudioEncoderConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetAudioOutputConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetAudioSourceConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetMask
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetMetadataConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetOSD
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetSynchronizationPoint
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetVideoEncoderConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetVideoSourceConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetVideoSourceMode
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/StartMulticastStreaming
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/StopMulticastStreaming
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/AbsoluteMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/ContinuousMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/CreatePresetTour
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GeoMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetNode
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetNodes
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetPresetTour
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetPresetTourOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetPresetTours
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetPresets
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetStatus
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GotoHomePosition
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GotoPreset
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/ModifyPresetTour
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/OperatePresetTour
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/RelativeMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/RemovePreset
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/RemovePresetTour
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/SendAuxiliaryCommand
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/SetConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/SetHomePosition
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/SetPreset
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/Stop
    Source: vacscbkd.inf0.1.drString found in binary or memory: http://www.screenbeam.com
    Source: vacscbkd.sys2.1.drString found in binary or memory: http://www.screenbeam.com/video-conference/byom
    Source: avcodec-58.dll.1.drString found in binary or memory: http://www.twolame.org/
    Source: avcodec-58.dll.1.drString found in binary or memory: http://www.twolame.org/MPEG-1MPEG-2
    Source: avcodec-58.dll.1.drString found in binary or memory: http://www.videolan.org/x264.html
    Source: avcodec-58.dll.1.drString found in binary or memory: http://x265.org
    Source: rundll32.exe, Newtonsoft.Json.dll.32.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/jstedfast/MailKit
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/jstedfast/MimeKit
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/AsyncWrapper-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/AutoFlushWrapper-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/BufferingWrapper-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/Chainsaw-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/ColoredConsole-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/Console-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/Database-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/Debug-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/EventLog-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/FallbackGroup-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/File-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/FilteringWrapper-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/ImpersonatingWrapper-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/LogReceiverService-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/Mail-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/Memory-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/MethodCall-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/NLogViewer-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/Network-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/Null-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/OutputDebugString-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/PerformanceCounter-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/PostFilteringWrapper-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/RandomizeGroup-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/RepeatingWrapper-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/RetryingWrapper-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/RoundRobinGroup-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/SplitGroup-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/Trace-target
    Source: NLog.xml0.1.drString found in binary or memory: https://github.com/nlog/nlog/wiki/WebService-target
    Source: NLog.dll.1.drString found in binary or memory: https://nlog-project.org/
    Source: NLog.xml0.1.drString found in binary or memory: https://stackoverflow.com/questions/1175888/determine-if-a-type-is-static
    Source: NLog.xml0.1.drString found in binary or memory: https://stackoverflow.com/questions/33915790/console-out-and-console-error-race-condition-error-in-a
    Source: avutil-56.dll.1.drString found in binary or memory: https://streams.videolan.org/upload/
    Source: rundll32.exe, 00000039.00000003.2668257772.000001C326A44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.screenbeam.com
    Source: rundll32.exe String found in binary or memory: https://www.digicert.com/CPS0
    Source: NLog.xml0.1.drString found in binary or memory: https://www.gavpugh.com/2010/04/01/xnac-avoiding-garbage-when-working-with-stringbuilder/
    Source: vacscbkd.sys2.1.drString found in binary or memory: https://www.globalsign.com/repository/0
    Source: NLog.xml0.1.drString found in binary or memory: https://www.mysql.com/downloads/connector/net/
    Source: rundll32.exe, Newtonsoft.Json.dll.32.drString found in binary or memory: https://www.newtonsoft.com/json
    Source: Newtonsoft.Json.dll.32.drString found in binary or memory: https://www.newtonsoft.com/jsonschema
    Source: NLog.xml0.1.drString found in binary or memory: https://www.npgsql.org/
    Source: NLog.dll.1.drString found in binary or memory: https://www.nuget.org/packages/NLog.Web.AspNetCore
    Source: rundll32.exe, Newtonsoft.Json.dll.32.drString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
    Source: NLog.xml0.1.drString found in binary or memory: https://www.oracle.com/technology/tech/windows/odpnet/index.html
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5a6f3e.msi
    Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI7B73.tmp
    Source: SharpDX.DXGI.dll.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: System.Globalization.Extensions.dll.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: tLegalCopyrightCopyright (c) Microsoft Corporation. All rights reserved.L$OriginalFilenameVC_redist.x86.exe vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: tLegalCopyrightCopyright (c) Microsoft Corporation. All rights reserved.L$OriginalFilenameVC_redist.x64.exe vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameviewer.exeF vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFileNameaipackagechainer.exeh vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameAICustAct.dllF vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameNetFirewall.dllF vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenamePrereq.dllF vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameExternalUICleaner.dllF vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameByomCustomAction.dllB vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameSfxCA.dll\ vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameSoftwareDetector.dllF vs ScreenBeam_Conference_Windows.msi
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
    Source: classification engineClassification label: mal52.troj.evad.winMSI@96/422@0/0
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rundll32.exe.log
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7272:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5672:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7572:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7256:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6664:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7196:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6876:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4460:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6548:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2800:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6308:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1344:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6148:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3620:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:564:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7788:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1284:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5796:120:WilError_03
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI377A.tmp
    Source: C:\Windows\System32\rundll32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
    Source: C:\Windows\System32\rundll32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\System32\rundll32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
    Source: C:\Windows\System32\rundll32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\sbdrvmgr.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\System32\rundll32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\System32\rundll32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
    Source: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\System32\rundll32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\System32\rundll32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
    Source: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
    Source: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\System32\rundll32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
    Source: C:\Windows\System32\rundll32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\System32\rundll32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
    Source: C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\System32\rundll32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
    Source: C:\Windows\System32\msiexec.exeFile read: C:\Windows\win.ini
    Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI3424.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5911687 90 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
    Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ScreenBeam_Conference_Windows.msi"
    Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 9D34D7427C27ADE329EE17E590582B2F C
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 809CEDDD01300C3B79C7082C58D3525E C
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI3424.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5911687 90 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5913265 100 ByomCustomAction!ByomCustomAction.CustomActions.VerifyDriverBusy
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI5838.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5920828 128 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI5C50.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5921859 138 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\sbdrvmgr.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI66B1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5924515 164 ByomCustomAction!ByomCustomAction.CustomActions.RemoveDriver
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe sbdrvmgr.exe" --remove "ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 91905C7D064CD546A55ACF820F5C2603
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 2BC6845E5AFE2BC1FD6CEB0BC5219A68
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI7D4D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5930375 133 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI857D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5932421 160 ByomCustomAction!ByomCustomAction.CustomActions.WaitForUnpairDeviceApp
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI9CD1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5938406 168 ByomCustomAction!ByomCustomAction.CustomActions.StopSBUCProcesses
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIB1D1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5943750 220 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIB702.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5945093 230 ByomCustomAction!ByomCustomAction.CustomActions.SetIsInstallingTrue
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIBD3E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5946671 437 ByomCustomAction!ByomCustomAction.CustomActions.IsDriverBusy
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIC5FA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5948921 452 ByomCustomAction!ByomCustomAction.CustomActions.DisableCampfilters
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\regsvr32.exe regsvr32" /u /s "C:\Program Files\ScreenBeam\Conference\\app\Filters\x86\SBCamFilter32.dll
    Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown
    Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown
    Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown
    Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown
    Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown
    Source: C:\Windows\System32\rundll32.exe Process created: unknown unknown
    Source: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32
    Source: C:\Windows\System32\msiexec.exe Automated click: Next >
    Source: C:\Windows\System32\msiexec.exe Automated click: Next >
    Source: C:\Windows\System32\msiexec.exe Automated click: Accept
    Source: C:\Windows\System32\msiexec.exe Automated click: Install
    Source: C:\Windows\System32\msiexec.exe Automated click: Install
    Source: C:\Windows\System32\msiexec.exe Automated click: Install
    Source: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\ScreenBeam Conference.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\appsettings
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\appsettings\settings.json
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\eula.rtf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\ScreenBeam.bmp
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\ScreenBeam.ico
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\ControlzEx.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\ControlzEx.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\ControlzEx.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\de
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\de\MahApps.Metro.resources.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avcodec-58.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avformat-58.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avutil-56.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libcrypto-1_1-x64.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libssl-1_1-x64.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\OnvifClientLibrary.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBCamFilter64.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBRTSPAudio64.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swresample-3.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swscale-5.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avcodec-58.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avformat-58.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avutil-56.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libcrypto-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libssl-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\OnvifClientLibrary.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBCamFilter32.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBRTSPAudio32.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swresample-3.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swscale-5.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacdisable.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacenable.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Fizzler.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Hardcodet.NotifyIcon.Wpf.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Hardcodet.NotifyIcon.Wpf.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\HtmlToXamlConverter.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Camera 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Camera 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Conf 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Conf 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Conf 02.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Conf 02b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Connect 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Connect 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Connect 02.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Connect 02b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Devices 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Devices 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Display 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Display 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Display 02.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Display 02b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Go2Meeting.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\GoogleMeet_audio.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\GoogleMeet_video.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Hamburger 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Hamburger 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\ham_menu.svg
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\info-icon.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\panic_button.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\repair_icon.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\ScreenBeamLogo.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Settings 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Settings 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Source 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Source 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Teams_03.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\teams_settings.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\warning-orange.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Warning_blk.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Warning_red.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Webex_audio.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Webex_video.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Zoom_audio.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\zoom_settings.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Zoom_video.png
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\MahApps.Metro.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\MahApps.Metro.pdbJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\MahApps.Metro.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Expression.Interactions.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Expression.Interactions.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Xaml.Behaviors.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Xaml.Behaviors.pdbJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Xaml.Behaviors.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\Newtonsoft.Json.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\Newtonsoft.Json.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\NLog.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\NLog.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\NLog.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\qf4net.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConference.Common.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConference.Common.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConference.Model.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConference.Model.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConference.ViewModel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConference.ViewModel.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\ScreenBeam Conference.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\ScreenBeam Conference.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Svg.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Svg.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Buffers.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Buffers.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Memory.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Memory.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Numerics.Vectors.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Numerics.Vectors.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.CompilerServices.Unsafe.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.CompilerServices.Unsafe.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.ValueTuple.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.ValueTuple.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Windows.Interactivity.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Windows.Interactivity.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\instrmv.cmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\vacscbkd.cat
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\vacscbkd.inf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\vacscbkd6x.cat
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\vacscbkd6x.inf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbcp.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbcp.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x64
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x64\wdmdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x86
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x86\wdmdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\NLog.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\NLog.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\NLog.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\qf4net.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Common.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Common.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Service.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Service.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Service.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\instrmv.cmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\vacscbkd.cat
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\vacscbkd.inf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\vacscbkd6x.cat
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\vacscbkd6x.inf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbcp.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbcp.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x64
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x64\wdmdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x86
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x86\wdmdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Windows.WinMD
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\CreateProcessAsUser.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Microsoft.Win32.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\netstandard.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.AppContext.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Concurrent.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.NonGeneric.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Specialized.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.EventBasedAsync.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.TypeConverter.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Console.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Data.Common.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Contracts.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Debug.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.FileVersionInfo.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Process.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.StackTrace.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TextWriterTraceListener.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tools.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TraceSource.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tracing.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Drawing.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Dynamic.Runtime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Calendars.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.ZipFile.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.DriveInfo.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Watcher.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.IsolatedStorage.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.MemoryMappedFiles.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Pipes.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.UnmanagedMemoryStream.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Expressions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Parallel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Queryable.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Http.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.NameResolution.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.NetworkInformation.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Ping.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Requests.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Security.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Sockets.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebHeaderCollection.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.Client.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ObjectModel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Reader.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.ResourceManager.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Writer.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.CompilerServices.VisualC.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Handles.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.RuntimeInformation.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Numerics.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Formatters.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Json.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Xml.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.WindowsRuntime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.WindowsRuntime.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Claims.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Algorithms.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Csp.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Encoding.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.X509Certificates.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Principal.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.SecureString.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Text.RegularExpressions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Overlapped.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.Parallel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Thread.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.ThreadPool.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Timer.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ValueTuple.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.ReaderWriter.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XDocument.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlDocument.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlSerializer.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.XDocument.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Windows.WinMD
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\config1_base.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\ipsee.txt
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libcrypto-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libssl-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\MultiOnvifServer.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\runconfig.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\ssl.ca
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\ssl.key
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\user manual.pdf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\vcruntime140.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\zlibwapi.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\en-US
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\en-US\SBConference.Model.resources.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Interop.NetFwTypeLib.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\config2_base.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Direct3D9.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.DXGI.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Mathematics.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.MediaFoundation.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\BouncyCastle.Crypto.dll
    Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreenBeam Conference 1.0.5.3
    Source: ScreenBeam_Conference_Windows.msi Static file information: File size 102197248 > 1048576
    Source: Binary string: dows\exe\DefMic.pdbf source: DefMic.exe, 00000028.00000002.2571020714.0000000000922000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbuser\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\UsersC: source: DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: DefMic.exe, 00000008.00000002.2306218613.0000000000801000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: SBConference.Common.pdb_1 source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: C:\Dev\SVG\Source\obj\Release\net461\Svg.pdb source: Svg.dll.1.dr
    Source: Binary string: \??\C:\Windows\DefMic.pdbCY source: DefMic.exe, 00000031.00000002.2622685356.00000000015C0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2328125476.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.0000000000922000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\agent\_work\66\s\build\ship\x64\SfxCA.pdb source: ScreenBeam_Conference_Windows.msi, MSIC10.tmp.1.dr
    Source: Binary string: Microsoft.Xaml.Behaviors.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: SBConference.Model.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: m,C:\Windows\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306099822.00000000003DA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319666552.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2327585739.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2391984892.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404107204.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2492387801.00000000006FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2570358459.000000000058A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582105899.00000000004FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622008773.00000000012FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2654612124.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: XamlAnimatedGif.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.PDB source: DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdbX+r+ d+_CorDllMainmscoree.dll source: System.ObjectModel.dll.1.dr
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306218613.0000000000801000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.0000000000922000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.1.dr
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSI3ABC.tmp-\DefMic.PDB source: DefMic.exe, 0000000B.00000002.2319666552.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2327585739.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb3 source: DefMic.exe, 0000000F.00000002.2328125476.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb source: DefMic.exe, 00000028.00000002.2571020714.0000000000942000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000088F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: NLog.dll.1.dr
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSI3424.tmp-\DefMic.PDB source: DefMic.exe, 00000008.00000002.2306099822.00000000003DA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb/jIj ;j_CorExeMainmscoree.dll source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000008.00000002.2306218613.0000000000812000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000008.00000000.2300858564.0000000000242000.00000002.00000001.01000000.00000007.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319786140.0000000001192000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000AE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.0000000000936000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582628392.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, 
rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000087F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A78000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: StreamPlayback.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.pdb8" source: DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdb source: DefMic.exe, 00000035.00000002.2655208737.000000000083B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: MahApps.Metro.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: dows\dll\mscorlib.pdb source: DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSI5C50.tmp-\DefMic.PDB source: DefMic.exe, 00000017.00000002.2404107204.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.ResourceManager\4.0.1.0\System.Resources.ResourceManager.pdb source: System.Resources.ResourceManager.dll.1.dr
    Source: Binary string: \mscorlib.pdbr source: DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb* source: System.Diagnostics.Process.dll.1.dr
    Source: Binary string: \??\C:\Windows\DefMic.pdbtD source: DefMic.exe, 00000028.00000002.2571020714.0000000000900000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: Osymbols\exe\DefMic.pdb source: DefMic.exe, 0000002C.00000002.2582105899.00000000004FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: SBConfDiag.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO\4.1.2.0\System.IO.pdb source: System.IO.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\Installer\MSI7D4D.tmp-\DefMic.PDB source: DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: {enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbw source: DefMic.exe, 0000002C.00000002.2582628392.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.PDBc source: DefMic.exe, 00000008.00000002.2306218613.0000000000812000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb{ source: DefMic.exe, 0000000B.00000002.2319786140.0000000001192000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582628392.00000000007DD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ControlzEx.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbF% source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdb#A` source: DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.pdb089T source: DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdb source: DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2328125476.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2392280014.0000000001031000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622685356.00000000015C0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSI7D4D.tmp-\DefMic.pdb6d source: DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: UnpairDeviceApp.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: =symbols\exe\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306099822.00000000003DA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Data.Common/netfx\System.Data.Common.pdb source: System.Data.Common.dll.1.dr
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.PDB< source: DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: vacscbkd.pdbR source: vacscbkd.sys2.1.dr
    Source: Binary string: dows\exe\DefMic.pdbb}| source: DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: SBConference.Common.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\Installer\MSIB1D1.tmp-\DefMic.pdb source: DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdb source: System.Resources.Writer.dll.1.dr
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=065367ComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\rs source: DefMic.exe, 00000035.00000002.2655208737.000000000087F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbbva source: DefMic.exe, 00000008.00000002.2306218613.00000000007CC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: vacscbkd.pdb source: vacscbkd.sys2.1.dr
    Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: ScreenBeamConference.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.pdb. source: DefMic.exe, 00000008.00000002.2306218613.0000000000812000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: Usymbols\exe\DefMic.pdb source: DefMic.exe, 00000035.00000002.2654612124.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdb| source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbD source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb\ source: DefMic.exe, 00000017.00000002.2404230205.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb$*>* 0*_CorDllMainmscoree.dll source: System.Reflection.Primitives.dll.1.dr
    Source: Binary string: mC:\Windows\Installer\MSIB1D1.tmp-\DefMic.pdb source: DefMic.exe, 00000031.00000002.2622008773.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb%| source: DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSI9CD1.tmp-\DefMic.pdb source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdbC source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb] source: DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer\msi-installer\ByomCustomAction\ByomCustomAction\obj\x64\Release\ByomCustomAction.pdb source: rundll32.exe, 00000007.00000003.2296095430.0000014006423000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183953000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.00000231691E2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C469000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A5FDA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580ED9E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A1F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399AC7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A44000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\mscorlib.pdb<S0BWQ source: DefMic.exe, 00000021.00000002.2493051155.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000007.00000003.2296095430.0000014006423000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183953000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.00000231691E2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C469000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A5FDA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580ED9E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A1F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399AC7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A44000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSIB1D1.tmp-\DefMic.PDB source: DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdbb source: DefMic.exe, 00000008.00000002.2306218613.00000000007E2000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: UnpairDeviceApp.pdb^ source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\DefMic.pdbd source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.PDB\+%/ source: DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XPath\4.0.3.0\System.Xml.XPath.pdb source: System.Xml.XPath.dll.1.dr
    Source: Binary string: symbols\exe\DefMic.pdb source: DefMic.exe, 0000000B.00000002.2319666552.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2327585739.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2391984892.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404107204.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622008773.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdb source: DefMic.exe, 0000002C.00000002.2582628392.00000000007DD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256 source: NLog.dll.1.dr
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbe source: DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdbS source: DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdbU source: DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb} source: ScreenBeam_Conference_Windows.msi, MSIE11.tmp.0.dr
    Source: Binary string: \??\C:\Windows\DefMic.pdbqI[ source: DefMic.exe, 00000014.00000002.2392280014.0000000001031000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdbl( source: System.Resources.Writer.dll.1.dr
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbVV0 source: DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.pdb source: DefMic.exe, 00000014.00000002.2391984892.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: SBConference.Service.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.pdb`* source: DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb} source: DefMic.exe, 00000028.00000002.2571020714.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdb9 source: DefMic.exe, 00000031.00000002.2622685356.00000000015C0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.pdb source: DefMic.exe, 0000000B.00000002.2319666552.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2327585739.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\aipackagechainer.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.pdb source: DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\svn\happytimesoft\onvifclient\bin\x64\OnvifClientLibrary.pdb source: OnvifClientLibrary.dll.1.dr
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdb! source: DefMic.exe, 0000000F.00000002.2328125476.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Windows\DefMic.pdbpdbMic.pdb source: DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.0000000000922000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb==x source: DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: dows\exe\DefMic.pdb source: DefMic.exe, 00000017.00000002.2404230205.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb; source: ScreenBeam_Conference_Windows.msi, MSICB5A.tmp.1.dr
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdb source: System.ObjectModel.dll.1.dr
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.pdb source: DefMic.exe, 0000000B.00000002.2319786140.0000000001192000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbp source: DefMic.exe, 00000028.00000002.2571020714.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbW9u'u source: DefMic.exe, 0000000F.00000002.2328125476.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbPly source: DefMic.exe, 0000002C.00000002.2582628392.0000000000793000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306218613.00000000007E2000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2328125476.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.0000000000900000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306218613.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319786140.000000000114E000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622685356.00000000015AC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306099822.00000000003DA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbb3 source: DefMic.exe, 00000017.00000002.2404230205.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.pdb source: DefMic.exe, 00000017.00000002.2404107204.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb^ source: DefMic.exe, 00000014.00000002.2392280014.000000000101D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: DefMic.exe, 00000035.00000002.2655208737.000000000087F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: dows\exe\DefMic.pdb6b source: DefMic.exe, 0000000B.00000002.2319786140.0000000001162000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbmp-\DefMic.PDB source: DefMic.exe, 00000021.00000002.2492387801.00000000006FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2570358459.000000000058A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582105899.00000000004FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622008773.00000000012FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2654612124.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: SBConference.ViewModel.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.IsolatedStorage\4.0.2.0\System.IO.IsolatedStorage.pdb source: System.IO.IsolatedStorage.dll.1.dr
    Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000007.00000003.2296095430.0000014006423000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183953000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.00000231691E2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C469000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A5FDA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580ED9E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A1F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399AC7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A44000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: Xsymbols\exe\DefMic.pdb source: DefMic.exe, 00000028.00000002.2570358459.000000000058A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbll> source: DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.pdb source: DefMic.exe, 00000008.00000002.2306218613.0000000000812000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: System.Windows.Interactivity.dll.1.dr
    Source: Binary string: \??\C:\Windows\mscorlib.pdb, source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdbf> source: DefMic.exe, 00000008.00000002.2306218613.00000000007E2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSI9CD1.tmp-\DefMic.pdb& source: DefMic.exe, 00000028.00000002.2571020714.0000000000922000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdb3 source: DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSI5838.tmp-\DefMic.PDB source: DefMic.exe, 00000014.00000002.2391984892.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\Users\ScreenBeam\Projects\sb-conference-installer\byom-rtsp-client\sbdrvmgr\sbdrvmgr\obj\x64\Release\sbdrvmgr.pdb source: rundll32.exe, 00000007.00000003.2296254116.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296215104.00000140048E1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311834210.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311786267.0000014523EE1000.00000004.00000020.00020000.00000000.sdmp, sbdrvmgr.exe, 0000000D.00000000.2320871905.000002ADB4A52000.00000002.00000001.01000000.0000000C.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386790876.000001BB920B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397242476.0000021181F34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428565608.00000231676AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482814921.0000011F4A9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503317111.000002A8A43BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2563026969.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, 
rundll32.exe, 00000027.00000003.2563095837.0000023207E71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616272670.000002580D2A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616339717.000002580D2A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630652716.000002CD386C1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2646143690.0000023999202000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2646059598.0000023999202000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000
    Source: Binary string: SBConference.Common.pdb_1 source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: ScreenBeam_Conference_Windows.msi, MSI9CA1.tmp.1.dr
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb source: System.Diagnostics.Process.dll.1.dr
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb source: DefMic.exe, 0000000F.00000002.2328125476.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582628392.0000000000793000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622685356.00000000015AC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: MahApps.Metro.pdbx& source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\mscorlib.pdb< source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdb<D source: DefMic.exe, 00000028.00000002.2571020714.0000000000900000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb]A^ source: DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XDocument\4.0.11.0\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.1.dr
    Source: Binary string: C:\svn\happytimesoft\onvifclient\bin\x64\OnvifClientLibrary.pdb22 source: OnvifClientLibrary.dll.1.dr
    Source: Binary string: dows\exe\DefMic.pdb! source: DefMic.exe, 00000021.00000002.2493051155.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A78000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.dr
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbc source: DefMic.exe, 00000014.00000002.2392280014.0000000001055000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbb source: DefMic.exe, 00000008.00000002.2306218613.0000000000801000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2668257772.000001C326A78000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: ScreenBeam_Conference_Windows.msi, MSIE11.tmp.0.dr
    Source: Binary string: osymbols\exe\DefMic.pdb source: DefMic.exe, 00000021.00000002.2492387801.00000000006FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: DefMic.exe, 0000002C.00000002.2582628392.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSIBD3E.tmp-\DefMic.pdby source: DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdbC source: DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbE source: DefMic.exe, 00000031.00000002.2622685356.00000000015E1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb source: ScreenBeam_Conference_Windows.msi, MSICB5A.tmp.1.dr
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbq% source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbN source: DefMic.exe, 00000021.00000002.2493051155.0000000000AE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Primitives\4.0.3.0\System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.1.dr
    Source: Binary string: mC:\Windows\Installer\MSI9CD1.tmp-\DefMic.pdb source: DefMic.exe, 00000028.00000002.2570358459.000000000058A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582105899.00000000004FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdba\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindiq source: DefMic.exe, 00000028.00000002.2571020714.0000000000936000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: DefMic.exe, 00000008.00000002.2306218613.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319786140.000000000114E000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2392280014.000000000101D000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.00000000008EC000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582628392.0000000000793000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622685356.00000000015AC000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000083B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Collections.NonGeneric\4.0.3.0\System.Collections.NonGeneric.pdb source: System.Collections.NonGeneric.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb3 source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdb{ source: DefMic.exe, 0000000F.00000002.2328125476.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb== source: DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdbz source: DefMic.exe, 0000000F.00000002.2328125476.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb source: rundll32.exe, 00000007.00000003.2296095430.0000014006457000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000008.00000002.2306099822.00000000003DA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000008.00000002.2306218613.0000000000812000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000008.00000000.2300858564.0000000000242000.00000002.00000001.01000000.00000007.sdmp, rundll32.exe, 0000000A.00000003.2311656669.0000014525AF6000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319786140.0000000001192000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319666552.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2327585739.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2328125476.0000000001007000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2386675524.000001BB93B49000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2391984892.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2397084888.0000021183987000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404230205.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404107204.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2428411122.0000023169216000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2482661596.0000011F4C49D000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2492387801.00000000006FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2493051155.0000000000AE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000026.00000003.2503167353.000002A8A600E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2562873311.00000232098F8000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2571020714.0000000000936000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2570358459.000000000058A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582105899.00000000004FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582628392.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2616130766.000002580EDD2000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622008773.00000000012FA000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2630442229.000002CD3A227000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2645896724.000002399ACB3000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2655208737.000000000087F000.00000
    Source: Binary string: \??\C:\Windows\mscorlib.pdbs source: DefMic.exe, 00000035.00000002.2655208737.000000000084F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Windows\Installer\MSIBD3E.tmp-\DefMic.pdb source: DefMic.exe, 00000035.00000002.2654612124.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbT% source: DefMic.exe, 0000002C.00000002.2582628392.00000000007C8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.1.dr
    Source: Binary string: mC:\Windows\Installer\MSI7D4D.tmp-\DefMic.pdb source: DefMic.exe, 00000021.00000002.2492387801.00000000006FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: m.pdb source: DefMic.exe, 00000008.00000002.2306099822.00000000003DA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2319666552.0000000000DEA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2327585739.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2391984892.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2404107204.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2492387801.00000000006FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2570358459.000000000058A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2582105899.00000000004FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2622008773.00000000012FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2654612124.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\Dev\SVG\Source\obj\Release\net461\Svg.pdbSHA256 source: Svg.dll.1.dr
    Source: SharpDX.DXGI.dll.1.dr Static PE information: 0xA0153478 [Tue Feb 9 00:04:08 2055 UTC]
    Source: MSI3424.tmp.0.dr Static PE information: real checksum: 0x3d808 should be: 0x8f934
    Source: MSI5838.tmp.0.dr Static PE information: real checksum: 0x3d808 should be: 0x8f934
    Source: MSI5C50.tmp.0.dr Static PE information: real checksum: 0x3d808 should be: 0x8f934
    Source: MSI3ABC.tmp.0.dr Static PE information: real checksum: 0x3d808 should be: 0x8f934
    Source: MSI66B1.tmp.0.dr Static PE information: real checksum: 0x3d808 should be: 0x8f934
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\regsvr32.exe regsvr32" /u /s "C:\Program Files\ScreenBeam\Conference\\app\Filters\x86\SBCamFilter32.dll

    Persistence and Installation Behavior

    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe
    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exe
    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exe
    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.Primitives.dll
    Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\shi7C7D.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIC5FA.tmp-\DefMic.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.RuntimeInformation.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI7D4D.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swscale-5.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9C61.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Overlapped.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\OnvifClientLibrary.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Thread.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Parallel.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.XDocument.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avcodec-58.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.ThreadPool.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avutil-56.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.ZipFile.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.NameResolution.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libcrypto-1_1.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.IO.IsolatedStorage.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7D0E.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Specialized.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Requests.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.X509Certificates.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\ControlzEx.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Security.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Direct3D9.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI3A4F.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI39B0.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIC5FA.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Interop.NetFwTypeLib.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Security.SecureString.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI9CD1.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Text.RegularExpressions.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9CA1.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7D4D.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Dynamic.Runtime.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI857D.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIC5FA.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.IO.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\HtmlToXamlConverter.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\NLog.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.IO.MemoryMappedFiles.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI39C1.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICDC.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI3837.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Http.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI3B0D.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\System.Buffers.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI6EF2.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI7D4D.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Expressions.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Writer.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.Parallel.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacdisable.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIB1D1.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBRTSPAudio64.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libcrypto-1_1.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Common.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\en-US\SBConference.Model.resources.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI857D.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7B73.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIB1D1.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI377A.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIB702.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI9CD1.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Service.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI857D.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI857D.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.Client.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TraceSource.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\System.Numerics.Vectors.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6AF.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avutil-56.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Fizzler.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIBD3E.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x64\wdmdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.NetworkInformation.dll
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7C51.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIE8F.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.NonGeneric.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3424.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICB5A.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Sockets.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIC5FA.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3ABD.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.ReaderWriter.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tools.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XDocument.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlSerializer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avformat-58.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI6ED1.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\netstandard.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x64\wdmdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI854D.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacenable.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Xml.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Ping.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libssl-1_1.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\BouncyCastle.Crypto.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swresample-3.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SBConference.Model.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\NLog.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\ScreenBeam Conference.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\Windows.WinMDJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libssl-1_1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x86\wdmdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.FileVersionInfo.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\qf4net.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBCamFilter32.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB1D1.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB702.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI9CD1.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Csp.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.FoundationContract.winmdJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Hardcodet.NotifyIcon.Wpf.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Contracts.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\Microsoft.Win32.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Reader.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avformat-58.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB83.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Debug.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB702.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\de\MahApps.Metro.resources.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI5838.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\CreateProcessAsUser.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC10.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIC5FA.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libssl-1_1-x64.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\MahApps.Metro.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SBConference.ViewModel.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Drawing.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB702.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9CD1.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Mathematics.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebHeaderCollection.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.EventBasedAsync.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7C01.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tracing.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB1D1.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Calendars.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI857D.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Claims.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Handles.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB702.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.ObjectModel.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\qf4net.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBCamFilter64.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC5FA.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Pipes.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Principal.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SBConference.Common.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB1D1.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Console.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\System.ValueTuple.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avcodec-58.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Numerics.dllJump to dropped file
    Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\shi3A77.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB702.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Encoding.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\System.Windows.Interactivity.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Timer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.MediaFoundation.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.Extensions.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Data.Common.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x86\wdmdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.TypeConverter.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBA4E.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Svg.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Windows.WinMDJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7C21.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Process.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEA6C.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3990.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIBD3E.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.ValueTuple.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Queryable.dllJump to dropped file
    Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\viewer.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.DXGI.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIBD3E.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.IO.UnmanagedMemoryStream.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\OnvifClientLibrary.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Concurrent.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.ResourceManager.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\MultiOnvifServer.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\vcruntime140.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI7D4D.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Expression.Interactions.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swresample-3.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\zlibwapi.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.WindowsRuntime.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.AppContext.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libcrypto-1_1-x64.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI19DB.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.DriveInfo.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI37F8.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.StackTrace.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlDocument.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Formatters.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3AED.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Watcher.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBRTSPAudio32.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIE11.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swscale-5.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI6EA1.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI857D.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBD3E.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Algorithms.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI66B1.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\System.Memory.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Xaml.Behaviors.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB702.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIC5FA.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI7D4D.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9C61.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBA4E.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7C21.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI7D4D.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB1D1.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB1D1.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB702.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI9CD1.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEA6C.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIBD3E.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7D0E.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI857D.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7B73.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB1D1.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIB702.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI9CD1.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIBD3E.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI857D.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI857D.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6AF.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB83.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIB702.tmp-\DefMic.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI7D4D.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIBD3E.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC10.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIC5FA.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7C51.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIC5FA.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI9CD1.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIB702.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9CA1.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7D4D.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9CD1.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICB5A.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7C01.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI857D.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIB1D1.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIC5FA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIC5FA.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI857D.tmp-\DefMic.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB702.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI857D.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIBD3E.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC5FA.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICDC.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB1D1.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI854D.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\Windows.WinMD
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Windows.WinMD
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\eula.rtf
    Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenBeam
    Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenBeam\Conference
    Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenBeam\Conference\ScreenBeam Conference.lnk
    Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\sbdrvmgr.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe Code function: 28_2_00007FFD9B3D17FA SetupDiGetDeviceRegistryPropertyW,28_2_00007FFD9B3D17FA
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 695
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 1501
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 2155
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 471
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 407
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 675
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 879
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 619
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 667
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 1152
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 952
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 2489
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 510
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 937
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 736
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.Primitives.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi7C7D.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.RuntimeInformation.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI7D4D.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI9C61.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swscale-5.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Overlapped.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\OnvifClientLibrary.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Thread.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Parallel.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.XDocument.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avcodec-58.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.ThreadPool.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avutil-56.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.ZipFile.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.NameResolution.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libcrypto-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.IsolatedStorage.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI7D0E.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Specialized.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.Requests.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.X509Certificates.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\ControlzEx.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.Security.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Direct3D9.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI39B0.tmp
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIC5FA.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Interop.NetFwTypeLib.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.SecureString.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI9CD1.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Text.RegularExpressions.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI9CA1.tmp
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Dynamic.Runtime.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI857D.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\HtmlToXamlConverter.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\NLog.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.MemoryMappedFiles.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Extensions.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI39C1.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICDC.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3837.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbkd.sysJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.Http.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3B0D.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.Buffers.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI6EF2.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI7D4D.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbkd.sysJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Expressions.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Writer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.Parallel.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB1D1.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacdisable.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBRTSPAudio64.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libcrypto-1_1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Linq.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\SBConference.Common.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\en-US\SBConference.Model.resources.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI857D.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI9CD1.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\SBConference.Service.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI857D.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.Client.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TraceSource.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.Numerics.Vectors.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI6AF.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Extensions.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avutil-56.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Fizzler.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIBD3E.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x64\wdmdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.NetworkInformation.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE8F.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Collections.NonGeneric.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.Sockets.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC5FA.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Xml.ReaderWriter.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tools.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XDocument.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avformat-58.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlSerializer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI6ED1.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Collections.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\netstandard.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x64\wdmdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI854D.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacenable.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Xml.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.Ping.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libssl-1_1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\BouncyCastle.Crypto.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swresample-3.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SBConference.Model.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\NLog.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\ScreenBeam Conference.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SharpDX.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\Windows.WinMDJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libssl-1_1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x86\wdmdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.FileVersionInfo.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\qf4net.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBCamFilter32.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB702.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB1D1.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI9CD1.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Csp.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.FoundationContract.winmdJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Hardcodet.NotifyIcon.Wpf.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Contracts.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\Microsoft.Win32.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Reader.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avformat-58.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB83.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Debug.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\de\MahApps.Metro.resources.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\CreateProcessAsUser.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC10.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC5FA.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libssl-1_1-x64.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\MahApps.Metro.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SBConference.ViewModel.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB702.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Drawing.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Mathematics.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebHeaderCollection.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.EventBasedAsync.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI7C01.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tracing.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB1D1.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Calendars.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Claims.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Handles.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.ObjectModel.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\qf4net.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBCamFilter64.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.Pipes.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Principal.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SBConference.Common.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Console.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avcodec-58.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.ValueTuple.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Numerics.dllJump to dropped file
    Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi3A77.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB702.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Encoding.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Timer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.Windows.Interactivity.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SharpDX.MediaFoundation.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Data.Common.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.Extensions.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x86\wdmdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.TypeConverter.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIBA4E.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Windows.WinMDJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Svg.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI7C21.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Process.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIEA6C.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3990.tmp
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIBD3E.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.ValueTuple.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Queryable.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SharpDX.DXGI.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIBD3E.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.UnmanagedMemoryStream.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exe
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\OnvifClientLibrary.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.CompilerServices.Unsafe.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Concurrent.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\MultiOnvifServer.exe
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\vcruntime140.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Resources.ResourceManager.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI7D4D.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.CompilerServices.VisualC.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Expression.Interactions.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbcp.exe
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swresample-3.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\zlibwapi.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.WindowsRuntime.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.AppContext.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libcrypto-1_1-x64.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.DriveInfo.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI37F8.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.StackTrace.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Json.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlDocument.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Formatters.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Watcher.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBRTSPAudio32.exe
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swscale-5.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Algorithms.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.Memory.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Xaml.Behaviors.dll
    Source: C:\Windows\System32\rundll32.exe TID: 7208 Thread sleep time: -2767011611056431s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 2836 Thread sleep count: 695 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 5672 Thread sleep count: 211 > 30
    Source: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe TID: 4416 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 7496 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 7652 Thread sleep count: 1501 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 7680 Thread sleep count: 2155 > 30
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe TID: 7732 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe TID: 1868 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe TID: 2080 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe TID: 5064 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 4268 Thread sleep time: -2767011611056431s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 7932 Thread sleep count: 471 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 7932 Thread sleep count: 407 > 30
    Source: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.exe TID: 7980 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 6156 Thread sleep time: -4611686018427385s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 5252 Thread sleep count: 675 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 5252 Thread sleep count: 879 > 30
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.exe TID: 6584 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\sbdrvmgr.exe TID: 8008 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 6912 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 2492 Thread sleep count: 619 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 2492 Thread sleep count: 260 > 30
    Source: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe TID: 928 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 1640 Thread sleep time: -3689348814741908s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 1988 Thread sleep count: 667 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 5368 Thread sleep count: 1152 > 30
    Source: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exe TID: 648 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exe TID: 1312 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 1148 Thread sleep time: -3689348814741908s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 3716 Thread sleep count: 952 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 3940 Thread sleep count: 2489 > 30
    Source: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe TID: 5984 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe TID: 6252 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe TID: 6784 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe TID: 7072 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 6496 Thread sleep time: -2767011611056431s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 352 Thread sleep count: 510 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 352 Thread sleep count: 344 > 30
    Source: C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exe TID: 6344 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 7276 Thread sleep time: -4611686018427385s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 7248 Thread sleep count: 937 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 7248 Thread sleep count: 736 > 30
    Source: C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exe TID: 8188 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exe TID: 5132 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 7572 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 7312 Thread sleep count: 287 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 7312 Thread sleep count: 113 > 30
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: avcodec-58.dll.1.dr Binary or memory string: vmncVMware Screen Codec / VMware VideoDuplicate value found in floor 1 X coordinates
    Source: ScreenBeam_Conference_Windows.msi Binary or memory string: 9qemu
    Source: ScreenBeam_Conference_Windows.msi Binary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1VMware20,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
    Source: avcodec-58.dll.1.dr Binary or memory string: VMware Screen Codec / VMware Video
    Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
    Source: C:\Windows\System32\rundll32.exe Memory allocated: page read and write | page guard
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe sbdrvmgr.exe" --remove "ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\regsvr32.exe regsvr32" /u /s "C:\Program Files\ScreenBeam\Conference\\app\Filters\x86\SBCamFilter32.dll
    Source: C:\Windows\System32\rundll32.exe Process created: unknown unknown
    Source: rundll32.exe, 00000020.00000002.2499178240.0000011F64AD7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Progmanlorreview
    Source: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe Code function: 28_2_00007FFD9B3D17FA SetupDiGetDeviceRegistryPropertyW,28_2_00007FFD9B3D17FA
    Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\sbdrvmgr.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSI7D4D.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSI7D4D.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exe Queries volume information: C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exe Queries volume information: C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSI857D.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSI857D.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSI9CD1.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSI9CD1.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe Queries volume information: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe Queries volume information: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe Queries volume information: C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe Queries volume information: C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIB1D1.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIB1D1.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exe Queries volume information: C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIB702.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIB702.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIBD3E.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIBD3E.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exe Queries volume information: C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exe Queries volume information: C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIC5FA.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIC5FA.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
    Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
    Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
    Persistence: 11 Windows Service; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
    Privilege Escalation: 11 Windows Service; 12 Process Injection; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
    Defense Evasion: 133 Masquerading; 1 Disable or Modify Tools; 21 Virtualization/Sandbox Evasion; 12 Process Injection; 1 Regsvr32; 1 Rundll32; 1 Timestomp; 1 DLL Side-Loading; 1 File Deletion
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
    Discovery: 1 Query Registry; 1 Security Software Discovery; 2 Process Discovery; 21 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 11 Peripheral Device Discovery; 1 File and Directory Discovery; 23 System Information Discovery; Network Sniffing
    Lateral Movement: 1 Replication Through Removable Media; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
    Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
    Command and Control: 1 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
    Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
    Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
    [Figure: Behavior Graph. ID: 1367930; Sample: ScreenBeam_Conference_Windows.msi; Startdate: 29/12/2023; Architecture: WINDOWS; Score: 52]

    | Source | Detection | Scanner | Label | Link |
    |---|---|---|---|---|
    | ScreenBeam_Conference_Windows.msi | 8% | ReversingLabs | | |
    | ScreenBeam_Conference_Windows.msi | 0% | Virustotal | | Browse |
    | Source | Detection | Scanner | Label | Link |
    |---|---|---|---|---|
    | C:\Program Files\ScreenBeam\Conference\app\BouncyCastle.Crypto.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\BouncyCastle.Crypto.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\ControlzEx.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\ControlzEx.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\OnvifClientLibrary.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\OnvifClientLibrary.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBCamFilter64.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBCamFilter64.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBRTSPAudio64.exe | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBRTSPAudio64.exe | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avcodec-58.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avcodec-58.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avformat-58.dll | 3% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avformat-58.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avutil-56.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avutil-56.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libcrypto-1_1-x64.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libcrypto-1_1-x64.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libssl-1_1-x64.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libssl-1_1-x64.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swresample-3.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swresample-3.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swscale-5.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swscale-5.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\OnvifClientLibrary.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\OnvifClientLibrary.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBCamFilter32.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBCamFilter32.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBRTSPAudio32.exe | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBRTSPAudio32.exe | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avcodec-58.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avcodec-58.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avformat-58.dll | 3% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avformat-58.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avutil-56.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avutil-56.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libcrypto-1_1.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libcrypto-1_1.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libssl-1_1.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libssl-1_1.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swresample-3.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swresample-3.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swscale-5.dll | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swscale-5.dll | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacdisable.exe | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacdisable.exe | 0% | Virustotal | | Browse |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacenable.exe | 0% | ReversingLabs | | |
    | C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacenable.exe | 0% | Virustotal | | Browse |
    No Antivirus matches
    | Source | Detection | Scanner | Label | Link |
    |---|---|---|---|---|
    | fp2e7a.wpc.phicdn.net | 0% | Virustotal | | Browse |
    | Source | Detection | Scanner | Label | Link |
    |---|---|---|---|---|
    | http://www.twolame.org/ | 1% | Virustotal | | Browse |
    | http://www.twolame.org/ | 0% | Avira URL Cloud | safe | |
    | https://www.gavpugh.com/2010/04/01/xnac-avoiding-garbage-when-working-with-stringbuilder/ | 0% | Avira URL Cloud | safe | |
    | https://www.gavpugh.com/2010/04/01/xnac-avoiding-garbage-when-working-with-stringbuilder/ | 0% | Virustotal | | Browse |
    | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
    |---|---|---|---|---|---|
    | fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                              high
                                                                                                                                                                                              http://www.onvif.org/ver10/doorcontrol/wsdl/DeleteDoor5OnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://github.com/jstedfast/MailKitNLog.xml0.1.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://www.onvif.org/ver10/receiver/wsdl/ConfigureReceiverOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://www.onvif.org/ver10/receiver/wsdl/GetReceiverStateOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://www.onvif.org/ver10/thermal/wsdl/GetRadiometryConfiguration;OnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                                        high
No contacted IP infos
Joe Sandbox version: 38.0.0 Ammolite
Analysis ID: 1367930
Start date and time: 2023-12-29 04:47:52 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 59
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ScreenBeam_Conference_Windows.msi
Detection: MAL
Classification: mal52.troj.evad.winMSI@96/422@0/0
EGA Information:
• Successful, ratio: 3.3%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 434
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .msi
• Close Viewer
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ocsp.edge.digicert.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target DefMic.exe, PID 2120 because it is empty
• Execution Graph export aborted for target DefMic.exe, PID 2412 because it is empty
• Execution Graph export aborted for target DefMic.exe, PID 2676 because it is empty
• Execution Graph export aborted for target DefMic.exe, PID 6296 because it is empty
• Execution Graph export aborted for target DefMic.exe, PID 6448 because it is empty
• Execution Graph export aborted for target DefMic.exe, PID 652 because it is empty
• Execution Graph export aborted for target DefMic.exe, PID 7228 because it is empty
• Execution Graph export aborted for target DefMic.exe, PID 7252 because it is empty
• Execution Graph export aborted for target DefMic.exe, PID 732 because it is empty
• Execution Graph export aborted for target DefMic.exe, PID 7488 because it is empty
• Execution Graph export aborted for target rundll32.exe, PID 2188 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 2996 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 3004 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 3180 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 4812 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 4904 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 6020 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 6188 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 7724 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 7868 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 8064 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 8180 because there are no executed function
• Execution Graph export aborted for target sbdrvmgr.exe, PID 3120 because it is empty
• Execution Graph export aborted for target sbdrvmgr.exe, PID 3748 because it is empty
• Execution Graph export aborted for target sbdrvmgr.exe, PID 5684 because it is empty
• Execution Graph export aborted for target sbdrvmgr.exe, PID 6640 because it is empty
• Execution Graph export aborted for target sbdrvmgr.exe, PID 6840 because it is empty
• Execution Graph export aborted for target sbdrvmgr.exe, PID 7712 because it is empty
• Execution Graph export aborted for target sbdrvmgr.exe, PID 7780 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context
                                                                                                                                                                                                        No context
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):409173
                                                                                                                                                                                                        Entropy (8bit):6.659240650062045
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:sYK4xsB95xMzgFkesmW1XAOKoUSUU++VWRAItCco+:9K4xC95xMMFd8JUSWRAIUco+
                                                                                                                                                                                                        MD5:E63A8DB4AA83861B5AD2B89CEA2DDDA1
                                                                                                                                                                                                        SHA1:D0825668D79F56BBD7DADD697D8D272019C6AF60
                                                                                                                                                                                                        SHA-256:E7114E402B4E3C3128620F79D65D4825E26FC858EB7C6FF7F2BC774CC0EA8094
                                                                                                                                                                                                        SHA-512:1CB9C5C768352658DCC9711C76A98A8FFED3AD2681B16A20F0A8E1EEEC1ADCB1399D1F065DAA7016ACA3800EE4D067B7EF9F60A56D4742972374DAF2272C1832
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...@IXOS.@.....@L&.W.@.....@.....@.....@.....@.....@......&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}..ScreenBeam Conference!.ScreenBeam_Conference_Windows.msi.@.....@.....@.....@......ScreenBeam.exe..&.{F451DF01-DEEE-4799-9D74-C13F54F5C275}.....@.....@.....@.....@.......@.....@.....@.......@......ScreenBeam Conference......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{7199D981-9853-484B-8139-2C2B34F1FA2A}&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}.@......&.{EC32DB67-553E-42DB-8AB0-D93C26D64C7E}&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}.@......&.{85245CA4-064E-4C9A-A44A-343774C760F3}&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}.@......&.{041A7DD2-445F-4C98-9186-26507D7F21CB}&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}.@......&.{842B369E-7954-42CE-9AB2-483659A134B0}&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}.@......&.{83A516A4-A4ED-41F1-9664-F5C300DB76DF}&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}.@......&.{D6B39E0
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PC bitmap, Windows 98/2000 and newer format, 128 x 128 x 32, cbSize 65674, bits offset 138
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):65674
                                                                                                                                                                                                        Entropy (8bit):1.2805694815835584
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:ShnSIinOAsEqANIz8SmIpCvlPPlU7ppLkzDPDQLXK6BWL3FoX5vD6qN88+:mlin5/NE2N2ppLkXPQX21ODPv+
                                                                                                                                                                                                        MD5:58B1F585FF6CF1FFBECD9E063D15663F
                                                                                                                                                                                                        SHA1:DE69F2894AA800DA0A6B2AD5564478352FC213B2
                                                                                                                                                                                                        SHA-256:5821322E5650C78A47E986C99507E58F79B507C8BD33C35E39FC799BDA9A963C
                                                                                                                                                                                                        SHA-512:D67164A9725CA4A3DF88FB102512AB8B27B56D5E7441105F03ACA6466214E5CE414BB49C7BBBCDD187CF7BD42742BD1BDA474FDD16F5E0CB1E0A10CCC6C3F991
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16958
                                                                                                                                                                                                        Entropy (8bit):2.3402736777188395
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:a+Ngz9wjTeE7144BQ2DFFnEbHIcXExGErQa2Nvv4wG:acgz9qaE7144BQ2DPEzEMErQaAX4L
                                                                                                                                                                                                        MD5:D75CA2815FA84BC36C36D18B6AD9048F
                                                                                                                                                                                                        SHA1:5353AE1430AC909C25484047713712520C3A2AE2
                                                                                                                                                                                                        SHA-256:3B156EDE48A466BDEC4FF5F230B2841899DF2B0A4ED7A645CFF72F7DC3CBC318
                                                                                                                                                                                                        SHA-512:008A5D9B83143AC59ECF5CC2654C2597199052B0876225CF32102188F192DC7CAA87F3D7DC76E03C76AB682884198DD6A5CC3DC3AF6993DD9A7C47AB85832496
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2246936
                                                                                                                                                                                                        Entropy (8bit):5.776355280166642
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:xFSSSusJVEDm2CNrmynmTF3P++3UEOkK59Vz4oukkb3KZ5:xFSSSusJeDm2WrmynmTF3m+E
                                                                                                                                                                                                        MD5:3FEBE8035D2184956A3B2FE126F051FC
                                                                                                                                                                                                        SHA1:39817F3422D527C4F111853564023F7726D02C2F
                                                                                                                                                                                                        SHA-256:7672AAA863BF1A46A294B8C871BD29058AA7834611A09D45D841C679F1B53E38
                                                                                                                                                                                                        SHA-512:7CB7F2E67E704F7786E484EF83621159DF7D63DF554632C378B2B2D5A8E8BDE782133DE42170814E6A76E4D0A90EF75F72CFE2DBF3A9C3CEF9D512ED765964D6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):252696
                                                                                                                                                                                                        Entropy (8bit):6.354889816974437
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:M6bRKhjsomR8PpY82VG7gP2rxp+7vVNviPF1WANK+5:M6Yye
                                                                                                                                                                                                        MD5:6B87AD0CD5FF64442A1ABED195928825
                                                                                                                                                                                                        SHA1:698B48FBF08775F533BB12548243C304B386FC63
                                                                                                                                                                                                        SHA-256:1AE79BC33C4891F1A9DA4A371E92F07119342CA31536D6BFC7AD12BBB016E37B
                                                                                                                                                                                                        SHA-512:ABE8F021DACE83972A89A3A0D490E4E70AF9249036843AEACCFA2BAA4B4C43A49DCF9319A294415FFE5C8DAAD79E357A16833E9AD1FA5AF4246CE45C54401C60
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MSVC program database ver 7.00, 512*1647 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):843264
                                                                                                                                                                                                        Entropy (8bit):5.758644766369451
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:UmM/3QPubNiFGNnvG2TF6HeYNg9mM/3QPubNiyg2TF:l+3QmMFGNnvnTFSeYNj+3QmMypTF
                                                                                                                                                                                                        MD5:3C429F78E96B6C009A11E64711C8D147
                                                                                                                                                                                                        SHA1:92C0896C60437E5A3655214ED8EC507C21B8B372
                                                                                                                                                                                                        SHA-256:D1632349A5BED60C6CD6118A5559C794C6CD6B6E30A33B4AF0B00F2ABC867E31
                                                                                                                                                                                                        SHA-512:2972DF0E51F07E22AF84D9E76B3DA405188E6F5508346E844AA7197865EA68DBA79158284761888F109AE03A9BC94CF7E7F8E1CF3A46EA3D00B05FC0F57F5B55
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):172506
                                                                                                                                                                                                        Entropy (8bit):4.677612844082003
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:3WA8J2D7EiLCG8GkJiy1UTvKSe6MBGjy6CV4qIuLCbD6vFx03Bt3Xvt3fU:3WA827EiLCG8GUpU9CV4qIuLqez8JV3M
                                                                                                                                                                                                        MD5:5157BF5DABBEC676D862F0A008F0A352
                                                                                                                                                                                                        SHA1:970DFA0A6E4C4CCE6D6E51D19F3BAA217D3C826E
                                                                                                                                                                                                        SHA-256:88BBCE0EB7059680C253DB0B2F8DB11D284D1E5BDF44B7DD329E25E270B2A18E
                                                                                                                                                                                                        SHA-512:A341CF11652D9B6D75E04D52FAE99A72ECB317BC683D3836B1AA8D9968EC454B8DF496ECE70E88DA4CE1A4F6CEA3D789F210BDC27923197F105A4DEDC2E88240
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>ControlzEx</name>.. </assembly>.. <members>.. <member name="T:ControlzEx.Automation.Peers.TabControlExAutomationPeer">.. <summary>.. Automation-Peer for <see cref="T:ControlzEx.Controls.TabControlEx" />... </summary>.. </member>.. <member name="M:ControlzEx.Automation.Peers.TabControlExAutomationPeer.#ctor(System.Windows.Controls.TabControl)">.. <summary>.. Initializes a new instance... </summary>.. </member>.. <member name="M:ControlzEx.Automation.Peers.TabControlExAutomationPeer.CreateItemAutomationPeer(System.Object)">.. <inheritdoc />.. </member>.. <member name="T:ControlzEx.Automation.Peers.TabItemExAutomationPeer">.. <summary>.. Automation-Peer for <see cref="T:System.Windows.Controls.TabItem" /> in <see cref="T:ControlzEx.Controls.TabControlEx" />...
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):736536
                                                                                                                                                                                                        Entropy (8bit):6.147082907993345
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:DXTxgGpJxna4ZAVct9dwZpnjHAHS1M3a9Omuju9gQiK9pJczINMyLUO7HEYZ:Xy4+cXdwfMHSzOm6ypJeINBbt
                                                                                                                                                                                                        MD5:9754D94F988D7E03E0B521EC0942C547
                                                                                                                                                                                                        SHA1:9A4BA9DE72AA5879EC995465E8DEF76F17D7F2CB
                                                                                                                                                                                                        SHA-256:CCB10743A786DA21CEC25DB8FF406193109701F2813FBEEAE1E0C5E39129DEE0
                                                                                                                                                                                                        SHA-512:D30B895E941640A55EB884C7D31A3E7269309EF146DBD2A8A6EE2C96C7DE899A882D05AF73F3B327D8CEC88C2E8A01A8892B66968EE32F1E0FC54806A3CF60EC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):220952
                                                                                                                                                                                                        Entropy (8bit):6.357563805308744
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:6rhj/qfa2x0qDE5NmergYEEf0nbAJu0/VoVAh+YCyEvpfBIrnaScuMZ:W7qfapz5NmergbsJpVoU+PyEvpfBIWF
                                                                                                                                                                                                        MD5:41C5A3E5AB2253720DBC45F53486ADE1
                                                                                                                                                                                                        SHA1:BAE7332A06C34BD243BD94F51D37574D98203A51
                                                                                                                                                                                                        SHA-256:36AE8C7049AC1AA357AC2F0D48984E2D836E95679502593A8BD1265943A262B9
                                                                                                                                                                                                        SHA-512:8081E7E183192E70764FD72AF5BC3769E6847C31222307866586AE953D18A2CD000A06F0C7830ECCEA98BDB1D6DA5F5E3D27639B4CED648B79C43B517DBF1F95
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):128280
                                                                                                                                                                                                        Entropy (8bit):6.421165608185727
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:3UfgtL9+VqiKW+JTKHX2tvJW5MqTJfFFfEu5ol7X2Um6c7NX7SekCn+L4oQ7Q3x:r9nJNJW5MqTFcu4X2UadlnDM
                                                                                                                                                                                                        MD5:401506FB887534ED7DD950993CD76C1D
                                                                                                                                                                                                        SHA1:EEE1F934B6F3B19009F31E9E2675B3C015828051
                                                                                                                                                                                                        SHA-256:2C87AA4CD2B58E20BF44D27EB1F589A4A9E22E84B6496BDE91CA54361BF0CA14
                                                                                                                                                                                                        SHA-512:BCE18C68BAC4A174FD7EA233161F75940E767016825EA7F5591CCB31DC9D53E3C8889BA3B34FDE41DEEE3F8FD61F62537F310E06943D4CCB5B4BC5AE0F0FBDE0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):63853336
                                                                                                                                                                                                        Entropy (8bit):6.731107600565096
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:393216:9ZUUv1DLIy8a6qJWDa2g+qloXyxE8JebXXpiom2QAmS2dh:9LdIyW+UwoyG5DpkFdh
                                                                                                                                                                                                        MD5:7043BD72BA2D2DEFB319ADC246A86706
                                                                                                                                                                                                        SHA1:0010058F202A7C29FAA63B1D55A405BCC438B4EC
                                                                                                                                                                                                        SHA-256:5AB5A8A60885B27491ED85DFBEC3941AF79FDF979025869C60B5B3B7FAAD2C7A
                                                                                                                                                                                                        SHA-512:4DCF8851A5FED8CA0F760BB19380A8BE81AC1B0D1B92C7C8D28755B6BB00617103F739EDBDE14B394C4F5FF74B9041254F201C38245688E80DF7FBF083FFDEE5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14810392
                                                                                                                                                                                                        Entropy (8bit):6.598068367139124
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:196608:uPWnEwrmp+eNN9frDN/kAOJV/lzfEapne1:uPWnt3e7ZrDN/kAOvea
                                                                                                                                                                                                        MD5:E11DBA28D05D00C92C1CBA5BBBE475D1
                                                                                                                                                                                                        SHA1:4B0B3081D243C2C6D13C2B3E4F257E2F823C3F91
                                                                                                                                                                                                        SHA-256:9363678DF2EAE4F6D73066C2272D1E6E7A3BDE9515D3BFFD03D50F575C9A9D8D
                                                                                                                                                                                                        SHA-512:533742D4D390C3FC062805B0C8DAC48691095B6A74471297A8E7EDFF44135A2E54DB04A9A2FE25A4DED71617491073207FF637018E967CB51E4E87FC356BBC4A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1300248
                                                                                                                                                                                                        Entropy (8bit):6.473555803675975
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:rgv//dfzgfczGYxgt0K8nKKqv74N4VmTUtzRbMsp5bJmAnAygYJR3fQp4RsaMquj:o7hzGYxg+twRbMspLmAFx/3OgNsz
                                                                                                                                                                                                        MD5:21EA93E89AF1A04321947F4D486E5152
                                                                                                                                                                                                        SHA1:1D497DB935622084FCB2F52EAC50C215CD012DCE
                                                                                                                                                                                                        SHA-256:9AB9A46B59B8D45587FC77A19E9C54B21FADF758528FD4852571D2E5D01B48DE
                                                                                                                                                                                                        SHA-512:DB81212FA9BA0A22F37ABA4B1863669B28A0F4DE8B6ADB9D0FB772FC130052D447F36E7C13FD076917CD7CE7A0EC94140394F0F395D2DA0062DBB44960D9B5FC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3310872
                                                                                                                                                                                                        Entropy (8bit):6.1327393024684795
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:mEVwASOnMIU6iW5GtlqTv2bAAO370ULehMxsI44Rk7ja0RyP6TvA+XfU1CPwDv3Y:hj+W3Z2aUVTvAz1CPwDv3uFh+
                                                                                                                                                                                                        MD5:7C8EEE743CF8259BF625674E41077B79
                                                                                                                                                                                                        SHA1:EE7CF802B28B0D55984BF18D03B51860B3E06F8F
                                                                                                                                                                                                        SHA-256:F4E11312599CE5EDEB29F6B026CB668CA3C50C263471B56B5551D3586AD014DD
                                                                                                                                                                                                        SHA-512:B2F9843983CFE5D5EC51A81776C200A9A2F62366AC6A243967D3C0FA017BA86802F2AEC3C0665DD73EA2A19BE132F02987FBD8FCE7CB8AEA30A8BDA2F0289E1D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):668952
                                                                                                                                                                                                        Entropy (8bit):5.56608335889636
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:/Y1P32jyJMze8mAcZjAoBcY+s31L9uK4hR4FPdWKRMccMwJ/s9U2lvz:ve8mlbBcY+KhYrhMwJYU2lvz
                                                                                                                                                                                                        MD5:44E16985CFFFF9380F553CD24D124EAA
                                                                                                                                                                                                        SHA1:394D4229DB4B229AA5C07FB542150D37542516DE
                                                                                                                                                                                                        SHA-256:846A200C8F9E0A20CCA2AC6D9DBC5A73B354A4F539AE1B99074C9955510AFC30
                                                                                                                                                                                                        SHA-512:0EA07D122B20A1DCAD3C856F67B6C757A63E593BE499044C56BCE253D28EE9EB540A85872CDCFF7157D601BED84A1EEBA714833C83EC0DF51FEEB5FFEF292598
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):443160
                                                                                                                                                                                                        Entropy (8bit):6.5979594970111615
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:dQ+kly145LnrfH/XqqPGFTci1WC2li9XFSJr12y0d4Ghtcuot:unlyaPfXPuT1HyJrYdg
                                                                                                                                                                                                        MD5:39243818BF06F192DE2941A378F46DE1
                                                                                                                                                                                                        SHA1:E692EDC0FCAF27DAAEEC23255D11B041F516BFA7
                                                                                                                                                                                                        SHA-256:2D7226137808E2A059A9EF929BD2EEFCD9F3DAC5C740855AEEC855C34A0D4426
                                                                                                                                                                                                        SHA-512:5F81752E6EC918D2CDEDF0BB7339952EEB764C9E825ECACDB413F33A0A66833B3455AA130E4C291C63E4AC9034031A2902996D1C5D7B44C2B8EA6B2C5560F578
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):579352
                                                                                                                                                                                                        Entropy (8bit):6.5967210076865594
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:7GvN1RaVaB3ct9DY6m0D0plE+Mb222+j5t9opFrybN1kmONjkvUY:7GvNiww+hMb2219opFrybN1kmONjkMY
                                                                                                                                                                                                        MD5:7A3B9C0DA3DFF00D6C1B2D925590C6E4
                                                                                                                                                                                                        SHA1:50D74C012A7C3F7436E244B4D92FBA3363473E7C
                                                                                                                                                                                                        SHA-256:4C99C47227265DF67F340A3A42BF0B5482935519801D3488AF43315141497C18
                                                                                                                                                                                                        SHA-512:0FDB7430009F884C0F59F6969E55FE592C1068A7CCCAF1767C6F4649104460DAF35C43B7F8A84D93F59DF941DF02BEA63DEDEA8DC777A3887085D9C4C42F4DD8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):617752
                                                                                                                                                                                                        Entropy (8bit):6.365306354598584
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:m5iNe9qJewEisecAEJrt6D/vlDcjRW+puJtKbcn:m5iT41isecAEJrt6D/vlQjRWRJtKbc
                                                                                                                                                                                                        MD5:B951468C676A88FD291BEAECB742A451
                                                                                                                                                                                                        SHA1:AE104A9010B59194E0C795CCFBE64E1DE4507816
                                                                                                                                                                                                        SHA-256:3313FECB3D31417CD361D74163966ED29C6BAB0F608F76AEA2B29761C8C56706
                                                                                                                                                                                                        SHA-512:8C7FCE2D659153AB91EFFF25BA9C8850F8956BE6D4DECEF369B53ED2218D4111E8824FB68CDE720411571EE32058155A64FA6D7D1655D5BB85818C01EC25C865
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):207128
                                                                                                                                                                                                        Entropy (8bit):6.6689423827249215
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:VyrTSxfuvVlCcUfVVVVu1YFoT+V0y7DCcW1VoV+EoVKeUTP6cOAa2Md:UWcaVzuJT+37DOVorreUTP7Y
                                                                                                                                                                                                        MD5:38981F0FFD2C554C7E405C7453C9F5F9
                                                                                                                                                                                                        SHA1:7E9E36D8CA106ACB0C06C406F6DA670C0DBD7374
                                                                                                                                                                                                        SHA-256:63C9134D9C2F7FC96CCB7BABFDDB2737DA735A32FE9C4A0D2C7A3C7C2C639344
                                                                                                                                                                                                        SHA-512:7C6C298A8EAE7DD3F06A7C40901CDA888401AC86D09F49EA2061B593B97CA8A96D8D69716F4A9DDCDCFBAFA342478E1F49450A583FD1ABA58E7215EB67D2D3F3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):102680
                                                                                                                                                                                                        Entropy (8bit):6.753605449946456
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:8Pv93vGQqmcKJbPhs4UZ2o4SM44VAajjHkzTNlEuWQ8OmHIpQ4GkqErw+4tmO6Xg:8N34mcKJbZCeAyDkKQ8LsJ4tmxXaMs
                                                                                                                                                                                                        MD5:F275329264A070699419C7D5571B90A5
                                                                                                                                                                                                        SHA1:3A51CF422374E11A7265AB7971D6985ABDACD366
                                                                                                                                                                                                        SHA-256:AD416F886B17E49FC55A1CDD64645A91BB5357983DB111A6B3F6A0CD0222C170
                                                                                                                                                                                                        SHA-512:DE23193179313171C6E2BD7CD23E811146412C975D8999C0C9464081884BAA9FC2FC52EB4201FBB68D80A9A89761E7D839C827E83BC6413BDAFE6D7D49BDA686
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):31070488
                                                                                                                                                                                                        Entropy (8bit):6.655668683463991
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:393216:MVbJv2NcGjFg23Xs0qUANf0//O5U0zvhkHxc3gSEkSa0Lpb/GdMX:MbKjHCkO5U0zpkHxcHwYdM
                                                                                                                                                                                                        MD5:05B9514AF25CF75B03F43DE6D96C5E9F
                                                                                                                                                                                                        SHA1:1BD340842820CC8164EA397E521960A9A892B941
                                                                                                                                                                                                        SHA-256:20CBFE3DEC890C0189C9487F2071696E7A483E6356B766DC4F6A2216BB1C5C39
                                                                                                                                                                                                        SHA-512:8E160C16CA02C160D82C6477D013E9EFC09F252AC5C43DC33A8CA86730B6D604B65CA2E76FB8C4D38333383C00ECCA9003838188F4E29B0C2DBDAEADE8E1AC0B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5892888
                                                                                                                                                                                                        Entropy (8bit):6.443008829846382
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:HyFLLyoBzl9R5Vr3jEx06Jz2kBtDR4BsZ/rSukHuCn73jTyReZZFloHEnKEECn9n:HyFnyoRl9R5lAx06JDBtF4BsZ/rSukH/
                                                                                                                                                                                                        MD5:40BC06BF950B02FC8F90C4D475B22D8D
                                                                                                                                                                                                        SHA1:38BAA2A2D32A0282EF60BEE0DE369D578143B546
                                                                                                                                                                                                        SHA-256:88F33F70D3F13E723AAFAB0319CA6AE3ACC17A593396F78B2814638D4124C5F8
                                                                                                                                                                                                        SHA-512:3B744FD9B7E0D6F10164DFA53BA362422AC0E8EFF53A2C910C1E5B7A1538B12F116A65E13EDF41DABB07874002773D5E904C14A8538533A6151CF0F25954B485
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):679192
                                                                                                                                                                                                        Entropy (8bit):6.515209418685365
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:9+T88wHM+RsWJWYYzVzJnCOO5/vY75Ash6HM+RAJgAniCkqm:9+oPHM+RsCRYGDY9Ash6MJgAgN
                                                                                                                                                                                                        MD5:50B756465A94C5F7321BB426BEA0740C
                                                                                                                                                                                                        SHA1:02805B98C397F3340553DFF718B5F45519DA030E
                                                                                                                                                                                                        SHA-256:722BF214781104DF41EE2EDC92B932B07FC9DFB6C60B7A2B235F49B737CC3B02
                                                                                                                                                                                                        SHA-512:D7608F21F3549DE6634E295AED77BF3F738D2E3DC84ED53DC74A50B6D231D104682D8B64507885E617F36FB99C15BAF350B985B89E756EDFA773CE6790A823D3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2434328
                                                                                                                                                                                                        Entropy (8bit):6.265956298627825
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:DQ1VVA2kTpvTDuW8VNd1CPwDv3uFh+0nUx:DQ1Vu5DuW8fd1CPwDv3uFh+04
                                                                                                                                                                                                        MD5:3F307DA65A9EA8A2A4077793ED3EA683
                                                                                                                                                                                                        SHA1:17DBDBA7AC8C29D3E54EADA2CA51F6B3BA3AD42B
                                                                                                                                                                                                        SHA-256:2A697E118B5FCA7A445D228767E7976024F8ED00BEFE385B285885BE0677684F
                                                                                                                                                                                                        SHA-512:30A672DF6EFEDF4CD31BE5DDEE969E34BD4CA79665CEC24B4DD559424133A0C1A735802466C9028C3154CB7D733DBB0CEB15E4597C3BAADB67BFF7027F501CE2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):515352
                                                                                                                                                                                                        Entropy (8bit):5.814347932090284
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:/J8sR6fYGsTRZ9vpHvG9ZiBgp/GidLzVaU2lvzXE5://Xsf8WaU2lvzXE5
                                                                                                                                                                                                        MD5:FF2683B115DEDBD238C80B3A7D776E6E
                                                                                                                                                                                                        SHA1:530C8D6B879806F6CE0E2FF84491A0AB37A16B2C
                                                                                                                                                                                                        SHA-256:E805797966BB89752DA2085DEEEF00873BEBB06197E2E0EF5135CD840045C016
                                                                                                                                                                                                        SHA-512:3458F28461B761B7BD7FA74344DC6DFEBACFE241AED18BDF4C2C8429B3A88B4D63B2F39EAC40464E0DD2E2EBADE3BF6A22E289484F875166A3D6390DEEE6A567
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):334104
                                                                                                                                                                                                        Entropy (8bit):6.680975375210224
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:BNfWE1yQKJdyKqIi3AhrX49fCWM1xiWs7hjy+NY9S+yCod7yHVWjtEjPFpHEP/nN:BNfWE1yQKJdyKqIi3AhrX49fsxuu89C0
                                                                                                                                                                                                        MD5:58B7277716A6812CC481D5BC62BF8D8E
                                                                                                                                                                                                        SHA1:49BFB0A2786386D70AA8B3C4CAD25991C350AD6A
                                                                                                                                                                                                        SHA-256:3FAC4BEB258BC6358B1FB5F138C62C53FD2A6EEF42CF7F243AAFE303FB950038
                                                                                                                                                                                                        SHA-512:C58B13B70A715A7F4AD73DE346B62FD7A6572D5CC7766979904023563E6CAE907DF40F4EA51C92219956128AF4CF98D8AAB975F4DD0404A369A4AF0ED84114F3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):524056
                                                                                                                                                                                                        Entropy (8bit):6.610719737339322
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:Vvwyqf/9FGgiw8ed+wya6khNyY6DRmx51JT6cZijgkiiMiiiiiKNrrrrrrrrjkiE:VYLf/9FGgiw8ed+wya6khNyY6DRmx51I
                                                                                                                                                                                                        MD5:61039AA3B9B69ADD129278003C69ABA2
                                                                                                                                                                                                        SHA1:6A7EE14BBDAAB5001FD318B1BE7D7505EC602A9C
                                                                                                                                                                                                        SHA-256:732B526DF658AA22A1F38E51873600CBAD8C11050C92D9F9D1866847D77F3CA6
                                                                                                                                                                                                        SHA-512:103D01339E9FE8590C95C1085818A9EAAA161EF3DB490A03DCD7E9740DB03A58C5BE3AB48118FAA3A00AA04DCFDDDEE3F28E64E0FF05AA0512CFF1E59F9FB822
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22808
                                                                                                                                                                                                        Entropy (8bit):6.651506432431069
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:zwmfOy4CLLTkOJFIQVgojDV7VIYiQ3SDAM+o/8E9VF0Ny0vd:Emf14CLnkAViYiQKAMxkEc
                                                                                                                                                                                                        MD5:6209B31C5BC27F4B116E3A8687C7C823
                                                                                                                                                                                                        SHA1:A6D7FEC24E0E9E3524C29CCD5AFD81E10DFDEFEC
                                                                                                                                                                                                        SHA-256:C7B92DCFC26AAD98D61610C34F507E147AFB36EA95D5282832A766A7C5E2787D
                                                                                                                                                                                                        SHA-512:9559BDF4D86E9C29162720E590E5C806A500519A1321F6AF63FA5F061737736BFAB8C04D56C4D7C506B67FA0D6DB18E74190ABA2D60179E2F475C4BE16E042BE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22808
                                                                                                                                                                                                        Entropy (8bit):6.652116338062216
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:EwmfOyUCLLTkOJFIQzRjDV7MIYiQ3MNhMNJAM+o/8E9VF0NyN1lOR:xmf1UCLHkADdYiQ4haJAMxkE5l
                                                                                                                                                                                                        MD5:C71620884143DCA41EF44CAD8C36F444
                                                                                                                                                                                                        SHA1:B5CC38FF1495D17FE99355592210A0312393C1CF
                                                                                                                                                                                                        SHA-256:E53AB2877112816B489490981FF40090B1C5F1372E10DB68F5910E1CE4BA4077
                                                                                                                                                                                                        SHA-512:2A7BC94CBB24C8D002247F2A677038E6CF2386788093183E1D0C524186CD4136C6D3EA8122C0D177C11734DF67BA0828149EA0DC2278028BC95EAC2FB39CF3DD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):45336
                                                                                                                                                                                                        Entropy (8bit):6.159051703653013
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:u6EWL7brtn44Esp4/S3d4WiQCijG6FWd3VmigYOIlS8YiQvAMxkEx:TECrt4I4/S3dHFyyW1O/87Qvx
                                                                                                                                                                                                        MD5:5D8EE58FF601EB80F129A053161F8506
                                                                                                                                                                                                        SHA1:67BE3A9A570B87EA3C279CADEAECB7B220DC4A26
                                                                                                                                                                                                        SHA-256:47196A1F7A9E7A5C8B87996F65A229F4F89DAF50F0FC54170B15A03959240520
                                                                                                                                                                                                        SHA-512:B79440C7A904D1E74981EAB54E32C1A31D68E77A1F6E09DA1E862C28FACE79A02292E93291F06CE3360CD4E8F2DA80E48BB528C160E0FC8B6B11A74101BD9B22
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):107800
                                                                                                                                                                                                        Entropy (8bit):7.3326332611384215
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:Mn5VJM3T5szyxa9PuIKb8wmtyYVzH0cfNbQSi/GoP4YNjZ34d7Q7x4:MWsEa9GIdyAUKWeYNl34dM2
                                                                                                                                                                                                        MD5:C323D8F5D290C283E447DA70DAB925D7
                                                                                                                                                                                                        SHA1:EC94A830DFC2D3CFBAF9013252AE85A360DD6908
                                                                                                                                                                                                        SHA-256:F6CF3ED7BD6AED254365A3CEEF7776C6597D1B1E0970C3448A6E406105178D1A
                                                                                                                                                                                                        SHA-512:E4D05C9A6316FCFAAA6B37EC96F126BFB95F802E32EA0E2D3B31776001636444071B19D40793B7831D32E1249F4A05FF9CE874416C4B084DB16A7C0735D58F4E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):130362
                                                                                                                                                                                                        Entropy (8bit):4.60579511535411
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:9rmrlEFROJHshjRXELhwgUgVJDcqpFEnzPTE9ab2ATsoJcYbOQDfrP7:lmjJy
                                                                                                                                                                                                        MD5:92ACD7769E2EDA756AFB18746CA7F875
                                                                                                                                                                                                        SHA1:801DE8CCB30816A499EEB307B2077614C54FEB2C
                                                                                                                                                                                                        SHA-256:CFD36E262B2F28FC37088965CDC82E58F2D18CBF469242451B1CE7811929AA62
                                                                                                                                                                                                        SHA-512:A96D6249A5B6C23381012E88AA6DB5390FD180FE03E8F3D45C1AC17292EB2CC7135244A6AF474BFC63253A258F622739FF4203A3E0E020D2090077A425B52F6B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Hardcodet.NotifyIcon.Wpf</name>.. </assembly>.. <members>.. <member name="T:Hardcodet.Wpf.TaskbarNotification.BalloonIcon">.. <summary>.. Supported icons for the tray's balloon messages... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.None">.. <summary>.. The balloon message is displayed without an icon... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Info">.. <summary>.. An information is displayed... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Warning">.. <summary>.. A warning is displayed... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Error">.. <summ
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):85272
                                                                                                                                                                                                        Entropy (8bit):5.825985821743684
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:8tshsMzA488PhOOUtUeOQiUDMM7o+fxrexgyn7ehoYfypP5JlV+ZkTjjuK4M0Enm:8Whs4A48AhWUehougjf4M0EnGlSCMk
                                                                                                                                                                                                        MD5:1DFA8600F8DD9D91E1491F37ECBE8B71
                                                                                                                                                                                                        SHA1:46B0B840F0616AF68F6491736D912E55BD2CBF60
                                                                                                                                                                                                        SHA-256:BAE5D1CCD2C00294995B851060A68D804BAD34A88F404F4A6334A391B682F1AD
                                                                                                                                                                                                        SHA-512:F896736C31D6CF533B55FCECFEB76BEB755475BA0270FEA5393AA96D227DC4E1482001655BF6A9419A7202E514E5414AABDD0EBE7F9E2D5F34335FD1A5D7633C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 270 x 141, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3792
                                                                                                                                                                                                        Entropy (8bit):7.887872121533211
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:K/ezW07/wGkJ1K2sSc6ajjoEvfeKDIsqz4Td3bY:K/ezW0rwGkLK2sSczoEnTqCBbY
                                                                                                                                                                                                        MD5:C0EB03BD8E13870C565F248DBE9ED151
                                                                                                                                                                                                        SHA1:0FA4A9C75226C7B2518ABDE64DD86A7AC763275D
                                                                                                                                                                                                        SHA-256:BD5B34736676BDAE09096204173C7AB70DCED1E2B34BF7B9FDBD1335FB27AEE5
                                                                                                                                                                                                        SHA-512:C7D15675F272DB28BFFDBEFAB6F8B701855865EF7FBEDC1F44AAF7A56227A9D5279D59AB00FDD30BDCD050C9D3C03AC0FC98E26D24C6F58FE3E628B6B400C2EA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 270 x 142, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3849
                                                                                                                                                                                                        Entropy (8bit):7.913354664814746
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:MwOPIaDxEIwm+R0wss6Vdxv53GW0etLNlUwgCLkz:M4wZwmu0g6jB5350epDUQkz
                                                                                                                                                                                                        MD5:D588CD052DDEF0FBE7445AF3DDA6460C
                                                                                                                                                                                                        SHA1:22A72DE52921597B37F39116F6DE38BD9B31E0BE
                                                                                                                                                                                                        SHA-256:4E9EBA27AB7A940105559D2E6C2C75F81D13DB14868E17FA510255AB90EE04CB
                                                                                                                                                                                                        SHA-512:8560B3BDF3CD428AFB9E23D734CF2609110DC1DB0FF9DA9D087AACB6C54F45EAB2DFA706806B192EFA0077F10B47FE44D34895A06DC07DD9963C40959C7E6EF7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 222 x 178, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3091
                                                                                                                                                                                                        Entropy (8bit):7.748757104260975
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:Ozr3tf7ZmN+YsCUvG6Xe0JP1nTcHxzcdDyk:Of3tf76RsFNP1TcHdcH
                                                                                                                                                                                                        MD5:762CB6652C46433C45923C206A084D36
                                                                                                                                                                                                        SHA1:17C7535D398938AC7ECE0B282F7DC2546671F88C
                                                                                                                                                                                                        SHA-256:2C2296A114FD628439AABF48407F8CD8E004EF050AD80738FF2153174826D839
                                                                                                                                                                                                        SHA-512:CF939CC195BC551719FA9908826EF8E9E5E5B594BFB2801FD96DD7C9FC1FE78438AAE101B4267B311268FE1E21140D61906EA7A94B8DDEA2AF5300F55159AED8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 222 x 178, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3352
                                                                                                                                                                                                        Entropy (8bit):7.781478018163998
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:Hybzkz9CNucIWyG2QWoolFbISVkcarNQrFdQWr2LuU8NSuNyGwTCBPP:SPkXc/0tlFK/6rfQWr2K3N2GwGNP
                                                                                                                                                                                                        MD5:E1DC2FDCC0BEBDA25870370810AEC056
                                                                                                                                                                                                        SHA1:449DD99E8E57DAB2B3F7BDA5A526D9438216DDEA
                                                                                                                                                                                                        SHA-256:0FC418DF00D31D577D5118F7E99C521D3E9B34E3E2B018ADF6BF196E2CFC6BF6
                                                                                                                                                                                                        SHA-512:89D3B1549C0FCC051BF8D742E3878CDEEC41B40C9605C1E24787C7033F56579A33F5FA9F22BB9B480F0D5D2DCC3C325B45F7D5B565120E87BDFAD096588EEE85
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 222 x 148, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2663
                                                                                                                                                                                                        Entropy (8bit):7.8546722798230695
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:bloa1dM5gHSWa2YbzMdWPT9AVVgDgbgpHUE527KO2l/+Gv7xM+kqWiAVs8GD:bloaXMqyVFbzLPT9ajbREc7KO29JM+kM
                                                                                                                                                                                                        MD5:595E7237E9B0781E215FF9AC84277812
                                                                                                                                                                                                        SHA1:3892A426B859C01F72AE5896D0EABB8EA880D2FC
                                                                                                                                                                                                        SHA-256:E55EC67772DD38BD805FBEF833D89E9D59AB60C5A6FF5C5D3681FB18B57CF254
                                                                                                                                                                                                        SHA-512:A727B47A9D82FC188E337B7B6B431542001E018282DE835B15EEE0B039D5F68E35FE8E99D50CCC2B22D3F26D09706A3EC36B1D62141F44186BF9551BC9DA75D3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 221 x 148, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3184
                                                                                                                                                                                                        Entropy (8bit):7.8630900763236635
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:drWWpxOzppKlElCWBUd1ag5x1FgtWOrfZDGvNXGVruN5P19aLRFzsIMaXB8cbjbw:5WWiq0IqgrgtRRulGxY5P1Ozs8xVbjM
                                                                                                                                                                                                        MD5:F9D12845496D41C905CDFE83184D5FE0
                                                                                                                                                                                                        SHA1:C944C50F5F18733EE9B14AF920B82C520BEF7413
                                                                                                                                                                                                        SHA-256:4ACF83EB735FE18D1F966B6C041E1F21645CA49E98688AD7DD3B62E75B8C159F
                                                                                                                                                                                                        SHA-512:74177A75F62ABCD2A4180DC548BE047C5B48A647D4256F9C8CAC747B4F6C6B9FCFA35F88AE5A3CE954D92A06A992FD573761409F989EBA1BD4A0A145C4734518
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 253 x 179, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2772
                                                                                                                                                                                                        Entropy (8bit):7.851913113424136
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:G+UxoQP8H/vKEr5eICimez65udPQcAAWraa1laOfe+aAbJjPvtuJRXXvjkkDP2Fk:GH+RH/3eICimezGudPQDraawD+aAdNuB
                                                                                                                                                                                                        MD5:74A7E29DFA61300BE1EFD9F16511C472
                                                                                                                                                                                                        SHA1:D4D077D4F160C4BC1F8A783A41BF73C3C90CF473
                                                                                                                                                                                                        SHA-256:70301841B123395675665F7B9A4A95ED658E6E499655C9B9F9123B11B6C59271
                                                                                                                                                                                                        SHA-512:A6A661850B4CD0D71543B38D87F0B65C8F6D76CA0F497267927B9D5740A415816C94EF3AA5062545570F9988503C0A2CFF9BF6978D0C3268E32F034F7034D5DB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 253 x 179, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2861
                                                                                                                                                                                                        Entropy (8bit):7.836636045012349
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:G+z4CjGMOWHLHvpYObJBFm2V3qgnUcfyGXqyvZYRjKiMWmj/iIklqF7:G69OyLSeDhqwUc5Z7WzqV
                                                                                                                                                                                                        MD5:925415B41EE4AC0784F3303E037ABC1A
                                                                                                                                                                                                        SHA1:F2D643686EC728B8362FEC0CABB9A2F3D815CC1B
                                                                                                                                                                                                        SHA-256:0B048F9F820EE144C174A80E36D8628778C2332D625DFE6F73E42BADA6772DA4
                                                                                                                                                                                                        SHA-512:961E67F904ECE58E0A65D9F7035DD3F892087940AF33713D8E1BAC99F30853B472272295A1C9D6FFF92D404E048CFA9BC74A8D2AD5BA6BC5C2C17EB58F00A4D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 270 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4883
                                                                                                                                                                                                        Entropy (8bit):7.914101756064351
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:b6A83M4XnLKWlUDfwHhm5n3/eDsdVqDXVkaEcqVsvTywA2RTt9I/X:2gVUUDfUm5veDCyCXc+svlAuD4
                                                                                                                                                                                                        MD5:DA5EB66ECA9B3E5F4F445D3B619632D3
                                                                                                                                                                                                        SHA1:86937DB672C9C0EBA708E7AF84973766328B69D6
                                                                                                                                                                                                        SHA-256:810918B484FBDE0576A12C3C69B15EB429038241D7A73608C2A3C276859EEA12
                                                                                                                                                                                                        SHA-512:FE884FD67472D7C3D59280CBBB4923939407707F7A91022B9EBA3F817744793F948D435543F23B89398E94CBE16394FD2B24E0232A869351A2F892C6F03850C9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 270 x 181, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4970
                                                                                                                                                                                                        Entropy (8bit):7.918801585601483
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:2r4vQ7uUlkbxDAzBD0YjfvoJUCHbE80PClwBTwxcZWty:64v1UODmBD0QvoJUCHQ89lwBTwKOy
                                                                                                                                                                                                        MD5:806C821E92A332E9027999A80CA6951E
                                                                                                                                                                                                        SHA1:5365566E77705238BAC426A2E396B83C54976049
                                                                                                                                                                                                        SHA-256:384A13D89ADD5A0144C9722D3ABA7893E45B4495E800DF557BDE5C7E84C8B792
                                                                                                                                                                                                        SHA-512:75D771C510758D7F4B2A75980040ED74326B63F2CE4BE8524EC4CA10E3C083FFF176A95E909A812A122043461F3EF1F5DE98027A704021B7C06D8D71241794B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 567 x 129, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):6725
                                                                                                                                                                                                        Entropy (8bit):7.937534717511396
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:2+EjDf5Uv6WEYBKP/Biu5os+SCxOUOKUWpo:X8DfBOKPJhUxZG
                                                                                                                                                                                                        MD5:48EBA9C316231F11C1998893BE69BF0C
                                                                                                                                                                                                        SHA1:90A3A211DCC79071BF2578B141741249A04949EB
                                                                                                                                                                                                        SHA-256:25C37F6ED819BB05A22FA1846618C7D54C78CBAD856E03E71FB1CB5939FC3B19
                                                                                                                                                                                                        SHA-512:3C12AA33D1701FD3CF809B26DA8F64D776C23C2C9EF5E91E63E2C922B558407DA71629E9BB5BFF58777A3220E16A91BCFB0CFC10D52E3F86D598A74738E03FBE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 568 x 129, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7061
                                                                                                                                                                                                        Entropy (8bit):7.941053016684348
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:66peFSyCa4BGXRW1KccnFMF+0okbJMElBFIn19Bwsg:66pq/XRW1KluvlB21fwsg
                                                                                                                                                                                                        MD5:8D0FC1A1FCEB9CCE3A3BFE72EFEA4472
                                                                                                                                                                                                        SHA1:23EC34BDEA36CD6DDEB3E1C01B64BFA116E8E3F2
                                                                                                                                                                                                        SHA-256:22409C98257A8C94F09200884ABAEB688948F1F5381E493D39A06802432805F8
                                                                                                                                                                                                        SHA-512:FA31F204952C8EFF34F4F2AEB913926577DB49FC15DBB9A1D7A65D4E8F6E7DC485DD231ED65FECBE6DAFC8373902780605CC5D370A1B0FF6F8D024D3534F07E1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 563 x 325, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2540
                                                                                                                                                                                                        Entropy (8bit):6.029624423166828
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:3JQDjGsqI+5N/34s0edxb3Q2CjQRc0Yp2TsooCHasqh8nqbEDlOK:3ls65h34sHxbQ2at0Y1ooCH5iIpOK
                                                                                                                                                                                                        MD5:5D31BEF0D0FB9881CC6B132DE1101745
                                                                                                                                                                                                        SHA1:DF96187E5237134AA9DCC93CFAFA66627357A287
                                                                                                                                                                                                        SHA-256:49E3EE10632BBD9A521AC129B83A6EB212AB2A3113F0C8FD1F8956E3B4436231
                                                                                                                                                                                                        SHA-512:635B7A45065F9CBB97FA1A5FB12C1825DB39CD2E92B84F432D61259F92B68A33168A81A52C9564EA8E5461F9449451494C6583D734ED7F8AC5DA5CC899A6789D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 564 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2534
                                                                                                                                                                                                        Entropy (8bit):6.187458781872805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:nPbQUi5pmkex74IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIU:nPbQUN5+IIIIIIIIIIIIIIIIIIIIIIIu
                                                                                                                                                                                                        MD5:C50A9E7C951E3A00869A77173F05C5CC
                                                                                                                                                                                                        SHA1:C308112B2685F993BC89D0FD242566C09C902A1E
                                                                                                                                                                                                        SHA-256:3937FF6FD2AB14A64E1E71D209BBA6D6CD26314BE2A0A048F181F06FAA435C8A
                                                                                                                                                                                                        SHA-512:B94FE6BB48F097D8CBC4EF6AA24F3F9B04629807FD826D0CF77F25FA1792ADF9D391D5738F8A346D13E768EBCB96BCE5FACEF4868382A1F847008F3F845801B9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 418 x 41, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1018
                                                                                                                                                                                                        Entropy (8bit):7.592402450098522
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:MAaGMBkeGB0mVARASA51bFEgiPBQ4XRUoo2NKh/WN:hXMke05yA7bugIQ4XvooY/Y
                                                                                                                                                                                                        MD5:7374E2A43CB40C3A927B5F9959149901
                                                                                                                                                                                                        SHA1:111FB872A39B6C082CA43CE575178461BB594530
                                                                                                                                                                                                        SHA-256:9E3493FC9CF003474CC8E2E65814F3BC1FF8821C9E18F975B2B62C696D12FFE9
                                                                                                                                                                                                        SHA-512:3BB01E810E49DC70008CFDC4471F72BFBD81E924B652A096235F2105965B22397DCA8C55EA9326FD6DFBD9DAB216D9D020E36AE1E96D8990E83B6AE86F013520
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 418 x 41, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):992
                                                                                                                                                                                                        Entropy (8bit):7.535009718254115
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:z8BxQe0TePO+8NiLc0Q3BvRbFsEFZ3DmyUaO6qtV5:z8B0J1Ocf3BHsUDm4Cd
                                                                                                                                                                                                        MD5:14FB74503A226AD44EE05F6B3ACFCD48
                                                                                                                                                                                                        SHA1:A6A941D05179649E59A009D62F27CFD795B3198B
                                                                                                                                                                                                        SHA-256:F25EB99C02CBF3FCEAA3A5A6CB246BBFE26FB2662936CAFEBD9F8CDDE005151F
                                                                                                                                                                                                        SHA-512:14F19438DCB85E157C6C43B2F19B76E172C0BCAB6D3B4EF26B55FD696B8E4B27197C6854718C9DB9F9B7D4AE1A62DDA03EDD8CAFCF869AEF0BE3F9DFD84A2B22
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 403 x 849, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):85416
                                                                                                                                                                                                        Entropy (8bit):7.9853531268658555
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:wAvvK0847tDGOXl9CCdAB8C8uzhkKM+010k4lzyUOAManqZtq0IKJLf7+92:RK0NtyOuWA/2S2UGaxozm2
                                                                                                                                                                                                        MD5:6428081514C762235484B78DE4D3FB53
                                                                                                                                                                                                        SHA1:5D2D5F71B6433BB46704D795BF49815EDD8A0223
                                                                                                                                                                                                        SHA-256:5C21456B22595F128A2C6303D966E9A8AA9ADF0D34C2B5C578559EFF15DEFDC9
                                                                                                                                                                                                        SHA-512:49EC94B13B2CC0E7BAF12D737CAC3CADD7AA83A9CEAD2858E5A8E2E9FD0D6C0783FBAF46BF7E64DF375970A1A4B434BDACDA046CFECBBC19954B9668E67A3C88
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.PNG........IHDR.......Q.....&.Q.....pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:17-05:00" xmp:ModifyDate="2021-04-30T18:38:34-05:00" xmp:MetadataDate="2021-04-30T18:38:34-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:6352cb88-8d2a-e149-8d10-7cffae4a6cae" xmpMM:DocumentID="xmp.did:6352cb88-8d2a-e149-8d10-7cffae4a6cae" xmpMM:Original
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 1000 x 813, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):42674
                                                                                                                                                                                                        Entropy (8bit):7.840543790213694
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:U26KcWAxdOTO5c83tmMuc6Ewb9rrRLO+Pn3SDMyYdevWDXCF6xLF6+Svm/GdFa/5:UxnWAPOq51ki8g+PniDMTdevQSF6xLFt
                                                                                                                                                                                                        MD5:6945E1DF586C00BA686661631EA1CB04
                                                                                                                                                                                                        SHA1:9CF569943F5A14DCF9E7EF19782943A4E92A080E
                                                                                                                                                                                                        SHA-256:60570553A0DAA7FF5A0D913A35A80CC56EB902DE30A6B9167915E996382B1601
                                                                                                                                                                                                        SHA-512:DCC29BE2CB686FA00B68CA2449A693CB6DF4B7E15B6C8EB2B79A84044DEC9243614480381FB7E5238780E9E98293286293C8632AEB1D1F77BC705E1C5E4FFC2D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.PNG........IHDR.......-............pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:17-05:00" xmp:ModifyDate="2021-04-30T21:23:22-05:00" xmp:MetadataDate="2021-04-30T21:23:22-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:6f655927-aa5d-0948-a8ff-3c5aaaecc992" xmpMM:DocumentID="adobe:docid:photoshop:aafcfe97-a717-7d4a-bfba-859cc33b877d"
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 1000 x 813, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):49327
                                                                                                                                                                                                        Entropy (8bit):7.888483310268996
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:HKKfW1CdIvk8YKDoAOA+MkG0VVHi8q7Fixi4xgBd56CR1ek8UFJiAEb:Hu1ebfAOA+HG0VtqEuj58k8qiAC
                                                                                                                                                                                                        MD5:204887D32D0D728E2E72961501142C68
                                                                                                                                                                                                        SHA1:3331B0FC1D18CD8C3CAD8AD69F8D1DD9CAA8B8A4
                                                                                                                                                                                                        SHA-256:044AFB54D6FDD785AD82B34E4D8391FB58A1BD231EAF18CB5B3D2952F123DCDC
                                                                                                                                                                                                        SHA-512:FA769DA9C79726E64B0EC58CF8B717BFC34A4F392FC9974369200448CBC266440BBDA4898BE3E9BE3FFB5BA16FBF47600E910C587A6CDDC25CD971CC60FB8D7C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.PNG........IHDR.......-............pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:17-05:00" xmp:ModifyDate="2021-04-30T21:19:08-05:00" xmp:MetadataDate="2021-04-30T21:19:08-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:e16fd676-4704-dc4b-8de9-f5a093460ec6" xmpMM:DocumentID="adobe:docid:photoshop:8f014ea2-b541-b44b-a065-a8feef2455ce"
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 128 x 75, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):476
                                                                                                                                                                                                        Entropy (8bit):6.572841577492603
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:6v/7+/3UNBHPKNU+ZlZlZFpGOK+uf81ZlZlZFyHrK1ZAm8:6Nctbb7pGcufubb7yH2Lg
                                                                                                                                                                                                        MD5:0EE2D0A6EA0FF374B16A61691601C046
                                                                                                                                                                                                        SHA1:9267376FBFCD392CE6E45CBF33C814F4B22E9651
                                                                                                                                                                                                        SHA-256:C75D0A805DABE8DA0C642883DA48509B0DA1A1ADA39472A77271A5BC5BA046AB
                                                                                                                                                                                                        SHA-512:B3926CEE6A6713FA4F5897FFDDE188A01A2EA98CF19CE1E1337EC17E1AC6BF951F63CC2BF3951664EDA0630131142BB57017094D72945F31527CBC5767CFB752
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 128 x 75, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):491
                                                                                                                                                                                                        Entropy (8bit):6.790559557465972
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:6v/7+/EOJqXZdqBqyQ85+BNFaFIAhRMQS/uMlZlZl7Jc:XqXfqV4BNFShjSFlbb7K
                                                                                                                                                                                                        MD5:A7F065CC49B62671D1F7A0C559E805C3
                                                                                                                                                                                                        SHA1:DE343398B2C64DEFBFCCF09747D4925F79509439
                                                                                                                                                                                                        SHA-256:10B9791E40694B30A4645B8841A31F7F16DFF84D38C31F5423A4250E1EAEFE49
                                                                                                                                                                                                        SHA-512:6DBEBF11B04E5FF8C9C5F7A3B3B4F1572211E12A1FF499C0851E7D25F572C22C53A176FF685D7956E14ECC7ACAD6BA27CC5C951F7FBB19C2A53E5911F7131623
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 601 x 74, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):6635
                                                                                                                                                                                                        Entropy (8bit):7.956737759715022
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:rTOgkGBqPdihCpS1zTXA+x8vEIJ+7kXo3maupCIa:rnkAqPdmCIJXALa0P5a
                                                                                                                                                                                                        MD5:64EFA7DC6B94CE461FD8B8E348A28B05
                                                                                                                                                                                                        SHA1:7867140BB930F7ABE83EBB66D731141C4ABAC20A
                                                                                                                                                                                                        SHA-256:EF69AD54F09D3223FEA10E0A8BBB71E31100078A87E095EB0CC9748906B3819D
                                                                                                                                                                                                        SHA-512:AB9D0ACC714A212F20A7B97C6F798C507C42098B9A65FB03BE0A3D197F72D06762A892DDFB1375D456D16EE2BB58FD81E2EB19F257403EFBEEC7A273EE2D428E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 227 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7228
                                                                                                                                                                                                        Entropy (8bit):7.96362266301775
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:kOt9w5kl1xpeQHWHAE5041RSdw5E4aee6AARfYIflh9M4Hzfaa+rstb1YpjT6s:k89wql/QaWpRSdc8e5/j9LaLrsMpjT6s
                                                                                                                                                                                                        MD5:04EF5899D53A2AF4D87EB161DDDAE312
                                                                                                                                                                                                        SHA1:EF05428FC27D5DA6EA9DE6B4E4FB0CFF0F7157E8
                                                                                                                                                                                                        SHA-256:B8CCBC29B65B34C4BB7CE5E28FB0AE48CF499D45BCAA39BF7DA25C01D840378A
                                                                                                                                                                                                        SHA-512:4341AE9AE239CC27EECFFA6117137F702D741A2A6DA6D1A89EC80813FC3ADD7C6D7F54751160786ABA657E7E84B67ABB25336A1821CCD615484AC22C2994254C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 227 x 181, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7176
                                                                                                                                                                                                        Entropy (8bit):7.958435392585551
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:1d39ffDdaSaHiWIKhJdof02esUeFEOTqzMBu7xDRs5:ThRGH4KadlXqcqRG
                                                                                                                                                                                                        MD5:3381A6F3CF452721366507045E0A9DCE
                                                                                                                                                                                                        SHA1:BC91156986104AE4794CCA4F63D68396668B4DCB
                                                                                                                                                                                                        SHA-256:387D53BBD452C6CA18D0333D1D754CA8049621A6C9CB71ED82AA053DD95D1663
                                                                                                                                                                                                        SHA-512:DDCB94DB1CC063CBB04B030F726F87C778182A6CFB76322E263C3D53635CE3F2B45B13A635AA6BB9684E84459B651AEB20FB70E777E0442DAAD39A9436437B33
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 272 x 202, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2605
                                                                                                                                                                                                        Entropy (8bit):7.7402023981882175
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:E+1u99QkCU8QSObjAzrOZzzx1EJ++YwO7sdcXvfpmR3akAkAkAkAkAkAkAkAkAkO:E+1u9sU1jAzrUzQJewOW0nUapppppppj
                                                                                                                                                                                                        MD5:9E53C56B516DD54749FC05768098FFA9
                                                                                                                                                                                                        SHA1:917DE4A8D10A862016D223859F9624465C45737B
                                                                                                                                                                                                        SHA-256:E07E38B0B90360D8FC316E37436E94D7692A02E500C60A0064C3DB22AF3DE49D
                                                                                                                                                                                                        SHA-512:AFE46AD70BBF82188C85717EC581077C1667361181C99E03A176CD54761D629B188712A29BD88FA8AD796CA5CE5EB4E314D78146E1E6AFBFEDA59DCB5AEF2870
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 272 x 201, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2609
                                                                                                                                                                                                        Entropy (8bit):7.751935570594546
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:rWJfP2n18fIq36wA1Y3S0XCi+OsmgV7iQKeApLzuVcaaWhq0OIsHZc:l8gq36wYYNr+OsvxiR5Zgc1vIsHy
                                                                                                                                                                                                        MD5:8BB5D9194F9AE840C1EF54C02C43FE99
                                                                                                                                                                                                        SHA1:96EFAC9879BBEA22C1EA2FFF18B1F2BC3E4594E1
                                                                                                                                                                                                        SHA-256:D07F812BD5236CCBFD9217C6AC267DE941D006641ABB3531BB5149DEA9E17743
                                                                                                                                                                                                        SHA-512:F22625D9C3FEB679DEF5E0AB3C92A5EBBB255CC7F7AF419C69C323F85B8203776F4A1530927FD8B6BDC9824328510F20DB752B2EBC3F862756A5BE707CC1E15D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 1000 x 1000, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):69554
                                                                                                                                                                                                        Entropy (8bit):7.876398312717814
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:EoeNeq0IAahqMnkW45preYA7eVyQud3ce/XjG+7/p:w/DHnF6FcJJJB/j9zp
                                                                                                                                                                                                        MD5:C6A33864468BF8E7F43B4BBB8DBCF83E
                                                                                                                                                                                                        SHA1:99F18AB1F88249E2D184E2ED09111E6DF849BA57
                                                                                                                                                                                                        SHA-256:BFD7126FBA79119B208374700733B636EBDE1E03A20F0D07757181D59E8DBB9B
                                                                                                                                                                                                        SHA-512:BD4CA6DF1BE8046AAC755F9790AB0E02A7692D18C6F9341227CF1A2E013C54BEB1DFA66F5F5C31D46E18D3CBAE077950C0034B88860D593ADD0FC7B0DE8C9493
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.PNG........IHDR...............C.....pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:18-05:00" xmp:ModifyDate="2021-04-30T18:45:01-05:00" xmp:MetadataDate="2021-04-30T18:45:01-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:c433aeb0-0a69-0043-ad67-aefd8a1b2e97" xmpMM:DocumentID="xmp.did:c433aeb0-0a69-0043-ad67-aefd8a1b2e97" xmpMM:Original
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 155 x 136, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2340
                                                                                                                                                                                                        Entropy (8bit):7.846633957982799
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:EtDfZuMXtRcFH05EWPCLp60Q1/cb/oem1aHUPaGc4e4mwm:EtD48bcIcp60Qh+/oeCC7Sm
                                                                                                                                                                                                        MD5:6050EDE0EDF86C0CB1E93000FFCB627C
                                                                                                                                                                                                        SHA1:A28E3B8C5344F1D5DD145B9BD80F2E3655798350
                                                                                                                                                                                                        SHA-256:020E19B7DC88FDE6473BF002ED65622808C5B77D50B273A81AEF7E287FC950DB
                                                                                                                                                                                                        SHA-512:371283937CC3606ED899C1FDC8817E43B9DBF0263D430B83D87153D3844985F9F5AD1471AD240748BC227A420BD11CDE75A1FACFD8E8E0EB2615E8B507D5A074
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 154 x 136, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2267
                                                                                                                                                                                                        Entropy (8bit):7.8636669830835295
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:7I1s/0OuyGJQmNgm5xazmEtY3r3JIS2aS1LvYX7BIG1Ayejzj:7IK0Ouye/azxoIkS5AX7BIa/Azj
                                                                                                                                                                                                        MD5:11BAFFF191DA71749104B9CCBF5FBAD8
                                                                                                                                                                                                        SHA1:BA6CB42E95FD177C5DB06A74B93CD0FD5AEFBD49
                                                                                                                                                                                                        SHA-256:1012143CE9B9009DE27EC83417BCB290998EC1D47642226755FE5BEAF018573D
                                                                                                                                                                                                        SHA-512:427D6CD7F71AD26C07590641BB9F31240C71FE7415BB256D1EB882AFFB13EC34D30835C8DB27924D5A44AD97677004FB2960B93BB206E3FC484E8A4196A47831
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 720 x 788, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):66299
                                                                                                                                                                                                        Entropy (8bit):7.961523068971229
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:yaDvYOVbQEQjKJXDVCf7P/2qzYzpsL6/ET7B1d51pDKx4vnE:xDgCbQoJXq2wYzKzBnBGanE
                                                                                                                                                                                                        MD5:C63418D64D9F55FAE8983BB8E3390F22
                                                                                                                                                                                                        SHA1:EFB964CC281188199E67377EEF79915A2F47CA4D
                                                                                                                                                                                                        SHA-256:C7600F818D52DA2291188622BB31F89FD7C6CA5BB724BB75562AB80F8B380DA6
                                                                                                                                                                                                        SHA-512:593B13021E2F772299B48E5183ABF832237AE083124F34FDE0AB3B2FC90C163FD0886142AC4271455917713D92002F0249F6415DFE4056581500C648C2E665D4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.PNG........IHDR..............;......pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:18-05:00" xmp:ModifyDate="2021-05-01T12:58:43-05:00" xmp:MetadataDate="2021-05-01T12:58:43-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:4fcf30c5-2837-6d49-9228-8aaf4ce449fe" xmpMM:DocumentID="adobe:docid:photoshop:1e58d27a-8eb5-7043-9c25-a23e0fa28b76"
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 720 x 788, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):225205
                                                                                                                                                                                                        Entropy (8bit):7.988659019849531
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:YzOPygYSjCzPltsEGUW1k+/5C8fBRNxPg3otp1xUxGQ:Y69azP49UGk+/bZRNZ4DGQ
                                                                                                                                                                                                        MD5:0B24AF962EFB65CF9D84D32F1051CB7F
                                                                                                                                                                                                        SHA1:AF93286939B3ED2FB8B4281E80A0616C2FD850AD
                                                                                                                                                                                                        SHA-256:A5C3F258AA8BC1B5113F9EE3EE68C0B494C0396DF89E64BA397809E5BAB98127
                                                                                                                                                                                                        SHA-512:29F3A99E33467CF3E92AE55E1CBBA5A0F8985F159F0A5583266CBA7AB66CB78F91D95D0AC97329835939290464CA2696EE339D65B79635D00481A4358BE88B61
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.PNG........IHDR..............;......pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:18-05:00" xmp:ModifyDate="2021-05-01T12:53:49-05:00" xmp:MetadataDate="2021-05-01T12:53:49-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:ee909eb4-bcc6-cf4b-b832-a231bec47261" xmpMM:DocumentID="adobe:docid:photoshop:57ed1941-e4ee-a143-aaa6-82c889b5b586"
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 996 x 822, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):62003
                                                                                                                                                                                                        Entropy (8bit):7.882536706934873
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:DmQg8L4uOc2ALn9mKqYFrUjGE3ztVfasP+tbrpPS+plZ8qHK8mUSGlxGt6uu1ibH:Dm64py9lqYFkJVSV/YqqL8lwtnuMahb4
                                                                                                                                                                                                        MD5:33DEF4334217F9817B543EFE2BD011A0
                                                                                                                                                                                                        SHA1:A856001007EFA1275E2564B86640A376837C41F9
                                                                                                                                                                                                        SHA-256:6122D3A1745C83B68B99C595EB0AE24FCD06C2E1FA74F3AA67CDB2088592C796
                                                                                                                                                                                                        SHA-512:FD78545900E479353304D07B46CB5DF55822324A38BA717715C9C84DFCFAB16761D21A337D0B1C9420FC79C1C0898DA425F8DBDFE3F3FC306F5550EB21D778BF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.PNG........IHDR.......6........b....pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:18-05:00" xmp:ModifyDate="2021-04-30T21:10:30-05:00" xmp:MetadataDate="2021-04-30T21:10:30-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:13569480-ea61-a44e-b054-8352c2def7a0" xmpMM:DocumentID="adobe:docid:photoshop:766ddbae-3d8a-1743-bad8-2c7d64d35992"
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 996 x 822, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):260289
                                                                                                                                                                                                        Entropy (8bit):7.986983765173423
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:Mituzb/ztF2V+J5d1/05VU2I7V96Kfka4L1+Q1833P:uv5QV0t0k1V968a1+QuHP
                                                                                                                                                                                                        MD5:28CA09E17FA6D684172BE70F5E88D5DD
                                                                                                                                                                                                        SHA1:562FEAAD833907F1ED1F0BE6AD54B3AE7A5A1E01
                                                                                                                                                                                                        SHA-256:54F0D37EED8C9CF43C71E168FA31CE0E58579C40B08C594B1C19F044FBC460E7
                                                                                                                                                                                                        SHA-512:B4CDFB8CB2BCFA19258C118C839947CAC2582A9201A29DA2C7E5E14B8CCA8D5BB49B035AF505CCD145FA8926C79B7CCF042D2948A21A76AA84890C64FE12E049
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.PNG........IHDR.......6........b....pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:18-05:00" xmp:ModifyDate="2021-04-30T21:16:24-05:00" xmp:MetadataDate="2021-04-30T21:16:24-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:9cba2451-d985-764b-93b9-d14c63061ffb" xmpMM:DocumentID="adobe:docid:photoshop:5d86836f-d0be-2a49-a299-386e92516686"
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                        Entropy (8bit):5.119426182542363
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:tccGS3mc4slZKYnic4sFvQoEGlBMfqGqR3laF4SK3lNkADT/HD38:tcFS3/KYh93Mfq93ladK3lNbDzHD38
                                                                                                                                                                                                        MD5:0C7F014CE9B23358D00BA953D9C44CCB
                                                                                                                                                                                                        SHA1:DF1752C78BC6BD78615783C512AA81302FC14D13
                                                                                                                                                                                                        SHA-256:A0F75FFC5C685A770D776661D354422DBA9DC17AA84885F6F35DB82106A7DF67
                                                                                                                                                                                                        SHA-512:3DEE488FA25CBD4F2DC6CB789D4BF29E48C1CBD320D6DD7CFF92042923745D868C4C0580B9FB499BB4699D7FFC6AC2D9FA80EC4330F8C8B4B685E9E4AE21373B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<svg viewBox="0 0 96 96" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="Icons_HamburgerMenuIcon" overflow="hidden"><path d="M11 30 48 30 85 30 85 18 11 18Z" fill="#FFFFFF"/><path d="M11 54 48 54 85 54 85 42 11 42Z" fill="#FFFFFF"/><path d="M11 78 48 78 85 78 85 66 11 66Z" fill="#FFFFFF"/></svg>
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8329
                                                                                                                                                                                                        Entropy (8bit):7.832751646585658
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:nbj4rMvGOipjk7J9jjUkgTmdo9jU83jbZOwlVbDQMcYR9qH2Xo+c:nNe3k70adoNU8Tb7DbjR9E2Xo+c
                                                                                                                                                                                                        MD5:164EAD314AC3D2E989D23C9A2BF92509
                                                                                                                                                                                                        SHA1:01ABDBF23F0C579C8E7BEB94326EB0EC893DED2F
                                                                                                                                                                                                        SHA-256:188604E0436236A03272350C27A8E6EF96EDADD7E89F35975369F446A1D9DC82
                                                                                                                                                                                                        SHA-512:3FF029EE8321A2F333FB708FE5109CB86A97C5682C6FCBB558485E866400E5B5E9F901062E931CD37FF4AF5E6058FD8A9B72E9C7C59712541009E0278A068873
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 135 x 176, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12500
                                                                                                                                                                                                        Entropy (8bit):7.963895025939282
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:puDCg3GXRy+I3dfjFIK6Sdg9cA0g5LWqsjtT:vg3/trGn9cAXW
                                                                                                                                                                                                        MD5:DDC8FD60D7AC9B0F5B4A31F85941D910
                                                                                                                                                                                                        SHA1:D178CF17269863F9D66564BEDB0501B68B788D0C
                                                                                                                                                                                                        SHA-256:DDAF21F47792E18653DC4737562F0A50704D29C165FC6B0D79BACFFB52235032
                                                                                                                                                                                                        SHA-512:F2EC43E66913D43594326E08FC4D196561B6125B71E74A9158A1555458B09BA3B9B2633C53117FC65B614ED63CE5C16FC93713ABB10F29884271FB677245E5F1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 139 x 139, 8-bit colormap, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1175
                                                                                                                                                                                                        Entropy (8bit):7.6598667385130375
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:IAh+4Jr4fJLlxuQNJzPaS7ABIijx++53yyqDb2BBqLjWN4:IA/JyLlxrzSGAFL53Vq/Q2jJ
                                                                                                                                                                                                        MD5:E9FB3CF8B34D6CFB76978312E8B1D0AA
                                                                                                                                                                                                        SHA1:69382962C0C236B16B4153FF66F81241B4EB0508
                                                                                                                                                                                                        SHA-256:38CBCF4277F5C062906535018C6D5BB9DB86C1B90C1090CDB39C0A4398C86D93
                                                                                                                                                                                                        SHA-512:CCBBC2B407D7742BD7960C48FAA1F299CA43E5CC83A6204EAC9FE0534B3EBCEB5E23EAE462252B325AE4CB3DEDB264ABC657C8960D4836EAEAAE4BA28F2465AD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 755 x 396, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):51633
                                                                                                                                                                                                        Entropy (8bit):7.977056362115758
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:jnYsZO/yN01sa2DT8krc9ri/FVpQbSS8T7C8+GCM7bHacC0EIIA42xO:DYgO/p238bhiNfQeS78+GCQHjC0Dh0
                                                                                                                                                                                                        MD5:39728FCA44F75F4E8070E789ACA184D7
                                                                                                                                                                                                        SHA1:F4CAA9AC061752ED81720B03D5E56DBD322EC33C
                                                                                                                                                                                                        SHA-256:4A987D6FD5B338F3EDCBAF8C7C514076F44026DE4F11276C11335ECF3FDC3117
                                                                                                                                                                                                        SHA-512:363918CCA1424E2D0D927A1438C539BC38130936E893E42F9AAB370BB57FCDD4306BEB6B0B16E20A9E1B852A72051409BC1C54E052FF5C20E8CD5138271820DD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 95 x 95, 8-bit colormap, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):855
                                                                                                                                                                                                        Entropy (8bit):7.436117043011675
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:6v/7o4/fM/M6UG7NU/+04/0gira0+rfloGWVYSMlDhg9wFzPBziJuUQeJCctHu9:Ox6UyU/+jkra0ufllRm9wZP5fUNUctHg
                                                                                                                                                                                                        MD5:B2D1F94BB64D09B0A984994312A44326
                                                                                                                                                                                                        SHA1:D6E755583CF299DF6AB1131C9D94AA18ED5E7DBF
                                                                                                                                                                                                        SHA-256:B67CC2D62300EFC5D1AC008525E37269AD477BA57D0C6B0A6DEF5DD2EC5F8D72
                                                                                                                                                                                                        SHA-512:C28B92A2847AA5DD1D664B466C31837963121AA3B38615CF221AD9CAF81E5412F454EE0502C17042FED288B0984C5602F99D81BAADAC7876DF35A79E5ACEE57D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.PNG........IHDR..._..._.............sRGB.........gAMA......a....3PLTE...................................................A......tRNS.. 0@P`p........#.......pHYs..........o.d....IDAThC...0.@........X...m >-...3;Q.C............@....R.aL./.t..L0.k..s........Q...[.;.v.t.`r...[..x.....P..'.....x...,n+......v.snn(;.,H......t.ssC.Q.......m.6.......j.......i....h8......8................q.a"7.2.v..b.....VN;..... ?...E.@7....tt....s....H&......$.mgs..m`...8.h....Y..........DS...t4q.B.GG..-..l_&j-pz.;Jw'2..#...K.<.....3..sQ.(..#..m%....Q..g.X.(?9..%.r....GG+.9l.l...>.....L.ZGq`.\.JGY.-cn.....ab#...Ql.9...k....|.....&.x,&....8wO.6!.G...Ud..y7..s..&&.(6...o...:.6.....T$.q.....\$.G.).o~....9..|...l*?....b..?......r..1.VY...l~,.9*..KD..w..2.......c`O...7E............ue..@..>&.."KR.ZM.u........R.$..3.....IEND.B`.
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PNG image data, 590 x 589, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):137156
                                                                                                                                                                                                        Entropy (8bit):7.99115996925414
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:3072:Yk7BUP0qkRwSPdlu+RCq1G0pmWS+iFmKLvlj+DWEZMJYRp:Yk7C8qkRHPdlucCOPpmyRKDd+DW1ap
                                                                                                                                                                                                        MD5:337565E283405CBA53EF817465D7582E
                                                                                                                                                                                                        SHA1:813C6E741BA1E430547E615006F53C415309CA8B
                                                                                                                                                                                                        SHA-256:E6A0F5E41B147D59AE1ED49FE8F805516AFFFCB544EB10377A58C8A0F86FE50D
                                                                                                                                                                                                        SHA-512:5A2BF0CCF1B6254C2A5B498D42D3B6111BFB7D01D55BC540B7C568D06B208BEC7737FA16C48A3813A64A6EE5980E53F8428A55C22E46D2C56FB8D6B40901815E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.PNG........IHDR...N...M.....H.m.....sRGB.........gAMA......a.....pHYs...t...t..f.x....IDATx^..@.......}..p~.{......N $A.!!.......A.....C.S.TRw{u/........i..N....of....{.((((((.kP.CAAAA...J........T.PPPPP..R......7..:......9........A.......o.*u(((((.sP.CAAAA...J........T.PPPPP..R......7..:......9........A.......o.*u(((((.sP.CAAAA...J........T.PPPPP..R......7..:......9........A.......o.*u(((((.sP.CAAAA...J........T.PPPPP..R......7.+u......e....+.L..s.+....D..b^.P.....w..R.6."....%....%o+.P.l..q.Pgs;Q.t;Q..WF]..:._D.U.z...*u..].....sB..Q..mC.........8..U.-E..h.-T....sB...n.2..N.9.f........U.'..l...s.j..%h....m........]..G.&.y.Y..{s1nX.....Ne&.....u3......!T...WQ......F....uN..uf.#T^w9......'J...3....S7R..((((w'jW.D...u%K[...'....,.VS.......F.n..<..K9..T.T..^......Q.......@....uN(........R....R..s..s>..A.N...JT.0.C((.5(..uN((+.J.U.....?.g?........-.d....o........Q...:..."...6....p.J..........S...E.oT[W...>...k``.@AAAA.m.7+..9..p.......*.....I.j..|#@m
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):29464
                                                                                                                                                                                                        Entropy (8bit):6.455186824073041
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:VJGWtLDBqWg7I7BFQvW1xLfCOF33OOO3OOOO3O3fOOO3OOOO3O3B3OTFRxYLcTIg:DGpWg7g2TFOcTQwBy0SEYiQsrAMxkEd
                                                                                                                                                                                                        MD5:5A4B1ADF0BD4512A901CEAD9F65A2D5C
                                                                                                                                                                                                        SHA1:0A2DFED92FA035CC9EDAAFDB9CC7081E86741746
                                                                                                                                                                                                        SHA-256:99BC3DACB424B14C2E3D5F50600B0ADBE39949D577A7E062081A6D416321F9D2
                                                                                                                                                                                                        SHA-512:A77CA97C54C523B872244FFB42645884104C9F0A2B361EECDC96AB16F1FF62108472AD4897D9648E4191779D9120A478D74F46C5487F361A42E6F35BFCBE1AF0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):694040
                                                                                                                                                                                                        Entropy (8bit):6.797959733322652
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:3JkgHpHfl7unn983HkCSamwpx8dDgX9C0p64zi:3iYpL3HxSaHpudDG9C084zi
                                                                                                                                                                                                        MD5:20B3E8BFD05EEBE45ED564825EF62B3C
                                                                                                                                                                                                        SHA1:FB3C5B2A48D7C5862D2DB081D6AF2936D6F91563
                                                                                                                                                                                                        SHA-256:9D72B7EC293B5771C4CB93422A805B25A767E972AED4ECC37915E36756CE5DB2
                                                                                                                                                                                                        SHA-512:09756AF93AAB914189DF5AC8800DFFEA2EC65685C50CF67E77526C241784058778FF9513B94B10CD649FA0E706C1477522D7A125E40DB3EBADFA3F3417E908B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2056
                                                                                                                                                                                                        Entropy (8bit):4.542339687773985
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dRE//EkMruCF9JzN8PzdKfomWfZAfqRX6hpQ9793/0AbhXI4X89:cpdR8Pzk4QfMtzNM9
                                                                                                                                                                                                        MD5:6D9D46649B405988650753948C8E374C
                                                                                                                                                                                                        SHA1:D73D605051D538D4ED9D2E8367D8977600046049
                                                                                                                                                                                                        SHA-256:54067968411799D76813CD2D980AA26D04E3E78632E6CE2747A555E30BF32690
                                                                                                                                                                                                        SHA-512:E451B77D2968DC9E6728A7EAEC5851FD7C79415FB8D2B95FDCF15EFC75C4FD065D1FDE0A593B5C7D49EAAE817BC39EBCA1F00C561711CF5FC8F3C2C7BE93719C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<config>.. <log_enable>0</log_enable>.. <log_level>0</log_level>.. <device>.. <server_ip>127.0.0.1</server_ip>.. <server_port>27182</server_port>.. <http_max_users>16</http_max_users>.. <https_enable>0</https_enable>.. <need_auth>0</need_auth>.. <information>.. <Manufacturer>ScreenBeam</Manufacturer>.. <Model>SB1100PLUS</Model>.. <FirmwareVersion>1.0</FirmwareVersion>.. <SerialNumber>123456</SerialNumber>.. <HardwareId>0.1</HardwareId>.. </information>.. <user>.. <username>admin</username>.. <password>admin</password>.. <userlevel>Administrator</userlevel>.. </user>.. <profile>.. <video_source>.. <width>[VideoWidth]</width>.. <height>[VideoHeight]</height>.. </video_source>.. <video_encoder>.. <width>[Vide
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4246
                                                                                                                                                                                                        Entropy (8bit):4.59391160498296
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:cpdCtK8Pzk4QfMtzNMfdCQW/8PzkTCcMtexNM9:C1gZtzNktegJtYNW
                                                                                                                                                                                                        MD5:3907C753C5684A8E3E5F527D52BCC033
                                                                                                                                                                                                        SHA1:35C0132D2A728632439414DE9C00E450D4092E36
                                                                                                                                                                                                        SHA-256:83E20372AFDC7388F8310860908B0E1E5478C371AC97B28914C2FA176E52E2E9
                                                                                                                                                                                                        SHA-512:B31290F12774B1F85298D1A87C21B218FBF0C35A3797F4DA9B4841D448D46C54118F4D517AD5F01DFB2AEC6ED243C2FD65FD76902540DE19F1B5778056A5A5FB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<config>.. <log_enable>0</log_enable>.. <log_level>0</log_level>.. <device>.. <server_ip>127.0.0.1</server_ip>.. <server_port>27182</server_port>.. <http_max_users>16</http_max_users>.. <https_enable>0</https_enable>.. <need_auth>0</need_auth>....<camera_name>In-Room Camera</camera_name>....<camera_uuid>[CameraUUID]</camera_uuid>.. <information>.. <Manufacturer>ScreenBeam</Manufacturer>.. <Model>SB1100PLUS</Model>.. <FirmwareVersion>1.0</FirmwareVersion>.. <SerialNumber>123456</SerialNumber>.. <HardwareId>0.1</HardwareId>.. </information>.. <user>.. <username>admin</username>.. <password>admin</password>.. <userlevel>Administrator</userlevel>.. </user>.. <profile>.. <video_source>.. <width>[VideoWidth]</width>.. <height>[VideoHeight]</height>
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1519), with CRLF, CR line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5127
                                                                                                                                                                                                        Entropy (8bit):5.331931775659372
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:o/OpOWBHl18Pe6HGbpOWBHl18Pe6HcpOWBHZ83ehebpOWBHZ83ehn:7pOWBF1ke6mbpOWBF1ke68pOWB5UeYbD
                                                                                                                                                                                                        MD5:A87DDC5D8B7E5D761FB916AF29B40BC4
                                                                                                                                                                                                        SHA1:B92C2E94D8B4536129F4B1ABD6525F32C09CE4ED
                                                                                                                                                                                                        SHA-256:6867B93F2F7E603F8BD1ABE82A19905018FE0634176C442A08F8ED83E8EB257B
                                                                                                                                                                                                        SHA-512:7CF4EBEDBAC013927454C900E57CADC59843F565D571DF7E89E56AA0D2A16680BBD2825D944365DAB7C47DB664DCCB8476ED51BEB36CB408049A2CA7AB530EBD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[2021-08-23 21:52:25] : [ERROR] http_srv_net_init, bind tcp socket fail,err[WSAE-10049]!!!..[2021-08-23 21:52:25] : [DEBUG] onvif_device_hello, p_buf = <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:enc="http://www.w3.org/2003/05/soap-encoding" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsa5="http://www.w3.org/2005/08/addressing" xmlns:d="http://schemas.xmlsoap.org/ws/2005/04/discovery" xmlns:dn="http://www.onvif.org/ver10/network/wsdl" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:tds="http://www.onvif.org/ver10/device/wsdl"><s:Header><wsa:MessageID>uuid:30991b2f-72c2-24fc-5d79-2b1312437e85</wsa:MessageID><wsa:To>urn:schemas-xmlsoap-org:ws:2005:04:discovery</wsa:To><wsa:Action>http://schemas.xmlsoap.org/ws/2005/04/discovery/Hello</wsa:Action></s:Header><s:Body><d:Hello><wsa:EndpointReference><wsa:Address>urn:uuid:718a1fb9-27d6-3c95-6829-4ab318de4250</wsa
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2434328
                                                                                                                                                                                                        Entropy (8bit):6.265968626461031
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:pQ1VVA2kTpvTDuW8VNd1CPwDv3uFh+0nU9:pQ1Vu5DuW8fd1CPwDv3uFh+0Q
                                                                                                                                                                                                        MD5:76F7CAAE87C6B10D73A48ADB64F02E05
                                                                                                                                                                                                        SHA1:A1A2325697B59B3BF1C2B915692F9F876DB422FC
                                                                                                                                                                                                        SHA-256:CC9FB81E2B8BB441E6F21B7DCE4EA9E6244687614CA96DDC4C4A5152AEC0B546
                                                                                                                                                                                                        SHA-512:0C63D56DE81BD1DC9D4836ED99DDF572CC20BFDD451C474B3F17DC06C1417940812D691FED5F283A28536C2FB1DF4A4B7DC4476BD8883150CEF3C207EA3C16CC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):515352
                                                                                                                                                                                                        Entropy (8bit):5.814325336262614
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:pJ8sR6fYGsTRZ9vpHvG9ZiBgp/GidLzVaU2lvzXE5:p/Xsf8WaU2lvzXE5
                                                                                                                                                                                                        MD5:2D243F92BC544F00355E838609D90964
                                                                                                                                                                                                        SHA1:294C1A81472F999150F61AF48D03BC54C78CE1B4
                                                                                                                                                                                                        SHA-256:288B264F9439EBA229D29A00D8837696923E90095A360BC42C045C24D7A68F15
                                                                                                                                                                                                        SHA-512:095634D11F632629657454213E91A4F0A7C88A432E41A78689F928F1655B251FE579E1E9C7B1766130D6FA326B25F8E93262885521E2F6976A3531CF051A3E97
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28635
                                                                                                                                                                                                        Entropy (8bit):5.2012587313035885
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:uJymAewyafBfBb3IyRcKjo8jmnCB8G289tn+Q8D/BOKJt28WH8mHmQn/rajAZxqg:Jj5B+xERuY7MIAIASkXS6XNQ
                                                                                                                                                                                                        MD5:612C974F0E3EA3B05914188CA96A0AA6
                                                                                                                                                                                                        SHA1:12D18BEBBDB5D03D21C2BE8E4F35CD4C8834FB7B
                                                                                                                                                                                                        SHA-256:9A37752D8A0B5E89DA83AFD9D65A22DA8781D1C74699B1FB78E324001D787A37
                                                                                                                                                                                                        SHA-512:5C4873A6A5FF06E07A06D5CF857E8E5929C7F8955900D2756F5D405C48A618B3A13DFFBF30FD2E26D49D4E9B15FA6B8AF3B9DDA2551052ED31F7F3364F2F9AC5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>...<config>...<log_enable>0</log_enable>...<log_level>0</log_level>...<device>...<server_ip>127.0.0.1</server_ip>...<server_port>10000</server_port>...<http_max_users>16</http_max_users>...<https_enable>0</https_enable>...<need_auth>0</need_auth>...<EndpointReference>f258763e-0959-4c30-b432-6729c72df070</EndpointReference>...<information>...<tds:Manufacturer>ScreenBeam</tds:Manufacturer>...<tds:Model>SB1100PLUS</tds:Model>...<tds:FirmwareVersion>1.0</tds:FirmwareVersion>...<tds:SerialNumber>123456</tds:SerialNumber>...<tds:HardwareId>0.1</tds:HardwareId>...</information>...<user>...<fixed>TRUE</fixed>...<username>admin</username>...<password>admin</password>...<userlevel>Administrator</userlevel>...</user>...<RemoteUser>...<Username></Username>...<Password></Password>...<UseDerivedPassword>FALSE</UseDerivedPassword>...</RemoteUser>...<SystemDateTime>...<tt:DateTimeType>NTP</tt:DateTimeType>...<tt:DaylightSavings>false</tt:DaylightSavings>...<tt:Tim
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PEM certificate
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1298
                                                                                                                                                                                                        Entropy (8bit):5.792853162111365
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:LrDpMNpyvSq0pxpynh0YH0kcP0y7Fm8osGYeoeGOodxp1ha7K9A:LryjppnhkaL7FCsGYeoWipS
                                                                                                                                                                                                        MD5:CDAF1F178B74FDF227723E7516464254
                                                                                                                                                                                                        SHA1:85908E45E29EAAE60CE6D4EB90861B0C61DDDD89
                                                                                                                                                                                                        SHA-256:525CA5B085D6F9D4A4D7C4C7A2986E9E4E467EE1030E12EDF07C5E2812BD1C79
                                                                                                                                                                                                        SHA-512:44F7A7222075F63B7681B9C4C301D7F318B476E3518C4D3A76F21340BFC158AA5A01D7E523C5EC254D9E621D793F0D50C906063A3139717B6DA73B65F0406963
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PEM RSA private key
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):902
                                                                                                                                                                                                        Entropy (8bit):6.008844379962527
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:Lr4Rt7PVG5ju0j71GT86Ohq3B9avOcyh1uMRESsH6:LrEtgPjxX23Uxyfurq
                                                                                                                                                                                                        MD5:022C48439BC463BA3EC82002B5845A3C
                                                                                                                                                                                                        SHA1:2CD2A36E397287481E46B7E85477A70072127922
                                                                                                                                                                                                        SHA-256:B95A00C0C85DBF880BC9010CDB9C073B1665D5B4A940E05109A667438984A529
                                                                                                                                                                                                        SHA-512:50C44A1667095CC9DAA02A4D7150D82211A69A5E59B8BEC8108B94F8A4A115BA8DEED05F886FB1A25065179FD5F474CAA8B00BC85F8849389C80920A32755C08
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PDF document, version 1.7, 25 pages
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):682431
                                                                                                                                                                                                        Entropy (8bit):7.869888364240819
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:A86ijIexjY7508+5xtPNWvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvK:A52Wu+cE33MO30BnHNT17
                                                                                                                                                                                                        MD5:A26BDC90611ED559EB76EB35EB8B5219
                                                                                                                                                                                                        SHA1:E739803561D958E6FBBEA50295C22218FFD3D23D
                                                                                                                                                                                                        SHA-256:0D9FA2A08AAE647FDD0014B4C0CF0951FF2A63BA4D7D2E5C0FF43769FA8BC8AA
                                                                                                                                                                                                        SHA-512:CD63F6D27DD2EEA26773A5D8B33322CEDA130510840B3AADFBF2D59CB3CE29F25EFD9CF0EFAA6ED51B78D937693BAFBB05A7B9431A53965A2D30FBFF5FBB7D98
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:%PDF-1.7.%.....1 0 obj.<</Names <</Dests 4 0 R>> /Outlines 5 0 R /Pages 2 0 R /Type /Catalog>>.endobj.3 0 obj.<</Author (Happytimesoft) /Comments () /Company () /CreationDate (D:20210802110638+03'06') /Creator (...W.P.S. e.[W) /Keywords () /ModDate (D:20210802110638+03'06') /Producer () /SourceModified (D:20210802110639+03'06') /Subject () /Title (Onvif Server) /Trapped /False>>.endobj.8 0 obj.<</AIS false /BM /Normal /CA 1 /Type /ExtGState /ca 1>>.endobj.6 0 obj.<</Contents 7 0 R /MediaBox [0 0 595.3 841.9] /Parent 2 0 R /Resources <</ExtGState <</GS8 8 0 R>> /Font <</FT14 14 0 R /FT19 19 0 R /FT9 9 0 R>>>> /Type /Page>>.endobj.7 0 obj.<</Filter /FlateDecode /Length 444>>..stream..
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):74520
                                                                                                                                                                                                        Entropy (8bit):6.849073361501379
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:lz2886xv555et/MCsjw0BuRK3jteo3ecbA2W86f7Qrx:lz28V55At/zqw+Iq9ecbA2W8CM
                                                                                                                                                                                                        MD5:16D54D972D54D9BA173E7047DA053EBC
                                                                                                                                                                                                        SHA1:42496689C880D5FC84A58771CA32FD23D04D63F2
                                                                                                                                                                                                        SHA-256:4FCA28A88ECA9EC5E82493AEA44E35FA2C798365019A1FB2DE658DBDA2B91DBB
                                                                                                                                                                                                        SHA-512:D0E2DD447D15A804B8D537D30FC839797A2BB24A66F4CF170B7863C23DB843FF0541ADD26A76706DDD6D3575D3B744610A299E1B85ECA2A61BCC767BD08C3D0D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):402200
                                                                                                                                                                                                        Entropy (8bit):6.730528504742971
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:pLVeNa307jXrapwILWL9pMCsVohOn81Za7PGW698TB5vC0Tzhc:x36jALWL9OCmohOnqcGW698TPvC06
                                                                                                                                                                                                        MD5:5D8A2DC0D64047A42CE1758B8AEE0BA1
                                                                                                                                                                                                        SHA1:92189B2A3F516BF15BB55262489011F373050656
                                                                                                                                                                                                        SHA-256:EEC45B409153689030AC18574C3839B1A8506A0D00C55E9F094572E0D3C69BF4
                                                                                                                                                                                                        SHA-512:F155E765B57EDEC5E5F8E1B84F6BC55C318DFA89B2FD9F09D4767C0CF8A3CEC302B4059AF9514A6F6FAE7C443ED0F67C27D16AB42EDD1E552D559A3929CC68DA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3567896
                                                                                                                                                                                                        Entropy (8bit):6.16216161588641
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:rOkuRMk0mZk7qDL2PtBLhM7RU7R2/8QcVYtk8:rOk4P4dmRU7R2/8QcV6
                                                                                                                                                                                                        MD5:517CA1ED1FAA9B1E8EE005F64DD4AA84
                                                                                                                                                                                                        SHA1:38691885E67D42743275EF918F6D5CDBF98B5794
                                                                                                                                                                                                        SHA-256:03CF2548381FDE6459EF6BDAE34A0A55E0E864A570EBC8BE6F0383DC0726F72F
                                                                                                                                                                                                        SHA-512:FC9AA41BC83E72468F0568A07EED14477C895D6404FCBEF43C41058953A5C8766F767608B54F6710C14BF97F82548B90DD729E6A23BB1BC006479E62FC638113
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MSVC program database ver 7.00, 512*3675 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1881600
                                                                                                                                                                                                        Entropy (8bit):4.153189992522293
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:joj++vd7wRRaHmTp4dg5uSdV0uRlqV9CNxoF4dj9j:+nRXH/g5ndV0yNZt
                                                                                                                                                                                                        MD5:94C8740D63B37C684DE2161DAB3F12A0
                                                                                                                                                                                                        SHA1:0D9D0A83BAA3A88DF4C81244215E310E0BA4FD94
                                                                                                                                                                                                        SHA-256:7D118A9927106081E6861212729B50B9954CDC156BEA7553D76A2E137D97A048
                                                                                                                                                                                                        SHA-512:3C97A442758325B8262015A47AF1BFB47F838C70557AC95AE8BCE9D5D87696344F46D928D1A99999CB8924A343EFCFD717F167030F6B2930A3B9CB3524D2CEBF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):599672
                                                                                                                                                                                                        Entropy (8bit):4.694314470643874
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:NktMqadrRUnvQFqnhpcROFutFeBiR5b7TVjEqqpFL:3UCA
                                                                                                                                                                                                        MD5:3DEB13968C22CDE75D6F614DFA25758E
                                                                                                                                                                                                        SHA1:177E9B52A72AE157F70EA16D16F3E917BEBE3B79
                                                                                                                                                                                                        SHA-256:90AACC1B9F0325A081C1DC5BABC580D693A3D5CAB61905BE8D3E9BC2496F4ACB
                                                                                                                                                                                                        SHA-512:8269F6900AB3AE726D6D79C9135F1D46A8AE9192C88C7EE82CA6038CD25CC5CC30D7F5215D049CB17DEC8EA18F02511315E79C16F17A0148DEF46580B746F314
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>MahApps.Metro</name>.. </assembly>.. <members>.. <member name="P:MahApps.Metro.Accessibility.AccessibilitySwitches.UseNetFx472CompatibleAccessibilityFeatures">.. <summary>.. Switch to force accessibility to only use features compatible with .NET 472.. When true, all accessibility features are compatible with .NET 472.. When false, accessibility features added in .NET versions greater than 472 can be enabled... </summary>.. </member>.. <member name="T:MahApps.Metro.Actions.CommandTriggerAction">.. <summary>.. This CommandTriggerAction can be used to bind any event on any FrameworkElement to an <see cref="T:System.Windows.Input.ICommand" />... This trigger can only be attached to a FrameworkElement or a class deriving from FrameworkElement... .. This class is inspired from Laurent Bugnion and h
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):102168
                                                                                                                                                                                                        Entropy (8bit):6.1195437867134945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:Krf5GttgxHXEuRmG5rtkGY4CEmWAxXSSYhhS98ca2Wvsd65FJDlGWwkEyq7QTxz:i5GttWHXEUx5r65LxXshk8JDIWPqMl
                                                                                                                                                                                                        MD5:9865A667A6B6CC39EECE297FA758DCF9
                                                                                                                                                                                                        SHA1:C832B205EDE70FAF5FAB88C8E94DCB5E7820DF68
                                                                                                                                                                                                        SHA-256:0D6DABEF0EC8326177DDE11214C57341F18775A91D955B17ADC23AB6CA60826D
                                                                                                                                                                                                        SHA-512:269F5332470B791EB27D4B08A38441C58A16862ABCB7C40E91B1B37A03B525F3A62AD68ACF061BA17A99F6BA4D1B1D59A7AF5C171179DC6D9EF59799BC6DC156
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (409), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):76763
                                                                                                                                                                                                        Entropy (8bit):4.535821308884759
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:+hRBEEny5f5YFsUxLvgLTGzJxKG4E+pZ1aI8a2GKvEGKGlMEYHDPrMp3hIr4Poqm:qvyFrMp3hc7oTi
                                                                                                                                                                                                        MD5:6183C17BCC82E2A2885A14B35FA50B1C
                                                                                                                                                                                                        SHA1:CE4E6A7BA118FA52DCD3C5E448F1FA26040E85E3
                                                                                                                                                                                                        SHA-256:6208068DD16A2C1C79FAA2E29CA029B59DE06CD66F16D9DC27EDABB8FFEBAD48
                                                                                                                                                                                                        SHA-512:B5140BECB6F72075BDFFB40DCCADD77A83B8836BE87FE2B3AB7AF18EAD85F6F9171B3E97640352BEB1DB64393CA67033EC09F7B2F95C85ADE795ECE866B39DF3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Expression.Interactions</name>.. </assembly>.. <members>.. <member name="T:Microsoft.Expression.Interactivity.Core.ActionCommand">.. <summary>.. A basic implementation of ICommand that wraps a method that takes no parameters or a method that takes one parameter... </summary>.. </member>.. <member name="M:Microsoft.Expression.Interactivity.Core.ActionCommand.#ctor(System.Action)">.. <summary>.. Initializes a new instance of the <see cref="T:Microsoft.Expression.Interactivity.Core.ActionCommand"/> class... </summary>.. <param name="action">The action.</param>.. <remarks>Use this constructor to provide an action that ignores the ICommand parameter.</remarks>.. </member>.. <member name="M:Microsoft.Expression.Interactivity.Core.ActionCommand.#ctor(System.Action{System.Object})">.. <s
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):146200
                                                                                                                                                                                                        Entropy (8bit):6.131563704651892
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:zCPmFPD950+dzR1decbMn5TX55r4j2cM:GPmVDz0+d05T
                                                                                                                                                                                                        MD5:2A0A9315CE757BB9E65305A17967948D
                                                                                                                                                                                                        SHA1:51974883F5129FA902A6FDC157BDA06ADC378C13
                                                                                                                                                                                                        SHA-256:2AFF06C6139129769CA832BB6700FE065872E701ED7E0093A0A217B7F7D13F74
                                                                                                                                                                                                        SHA-512:44F0C188353CABB4BE8694B35D24F64EF9E2D5A99023FDF012265521951F8A924C8142844FD6470410638DEABAA77FA47271338D738820740A28514374977B74
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Microsoft Roslyn C# debugging symbols version 1.0
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):52032
                                                                                                                                                                                                        Entropy (8bit):5.334600855320652
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:Ho05puXM/mr0or4TKzkhq5WGneTfAp+A5cgWpORyUtAOHpZfDvdorxU5HMRI0xgm:1JWL4w2WtAOJFl4nkrvq3
                                                                                                                                                                                                        MD5:5C23C6B85B1BF45EB8B2B36014C24D87
                                                                                                                                                                                                        SHA1:EBFF7B739F015EB024A7FA3F947A39E02DC70E31
                                                                                                                                                                                                        SHA-256:FB216DDB86BD1E6053BF8BAD8E67557E2922D56D83B913197142C872907BC79A
                                                                                                                                                                                                        SHA-512:5BCE36466755B173512D9EBA3172B5194F9FE548E11718850DD4C239134729344CB00976A70E398AA5BA048AEAC64331E4A23F0E48272455C93530B95987D11B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (389), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):139226
                                                                                                                                                                                                        Entropy (8bit):4.53900325821367
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:+ZyjUyXsNaimE+YRwUxLvgLTGztxKG4E+pJ1as8a2G6vEG+GlGgLPgJRBy8nm0lr:F9gk/BUB0fYSt3Bl
                                                                                                                                                                                                        MD5:83A73589D5705D3A890253A6F8C140EB
                                                                                                                                                                                                        SHA1:27C092DBB481D0207FB160098BB4B43FB0D6E126
                                                                                                                                                                                                        SHA-256:0672969B6ADF9FC6D56873FF17FC8F45E9FEBC2FD6E997B19D5CB7EF2546DB70
                                                                                                                                                                                                        SHA-512:A18A29FDF055E2507A6BD2837FF1D9B6E9A0486B315C786FC86B49DC2229B8B167A7D103FB16EF342916324A08DF0EDCAEEAA2BFD0F4FF8862C63572C9AD371B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Xaml.Behaviors</name>.. </assembly>.. <members>.. <member name="T:Microsoft.Xaml.Behaviors.AttachableCollection`1">.. <summary>.. Represents a collection of IAttachedObject with a shared AssociatedObject and provides change notifications to its contents when that AssociatedObject changes... </summary>.. </member>.. <member name="P:Microsoft.Xaml.Behaviors.AttachableCollection`1.AssociatedObject">.. <summary>.. The object on which the collection is hosted... </summary>.. </member>.. <member name="M:Microsoft.Xaml.Behaviors.AttachableCollection`1.#ctor">.. <summary>.. Initializes a new instance of the <see cref="T:Microsoft.Xaml.Behaviors.AttachableCollection`1"/> class... </summary>.. <remarks>Internal, because this should not be inherited outside this assembly.</remark
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1434
                                                                                                                                                                                                        Entropy (8bit):4.900941090644329
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:JdNQjY8jsLoKaQe1W04pyaMMW04FzMSMpbP3KabFx2ldnD2cc/Or:3b8jbgpXMzFzMSMdvClJ7r
                                                                                                                                                                                                        MD5:5DD8A1A04E3B8E2CF8D8D0CA563A08F5
                                                                                                                                                                                                        SHA1:DD79976E4FB6D7799B83EF26569C0FF433662FF3
                                                                                                                                                                                                        SHA-256:8687718C6EB351CEFFBE09395A5F565790E4F784DA2A4464DC411960FD3BC99A
                                                                                                                                                                                                        SHA-512:8B472C76E9D4DD97775B72211D4C54A5A552CF60055B6A4F139EE224E6B483898D3607646FA285850DC2A990DDCCF84F71E6DCCF0B33D70F6E13009B0BEA233C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8" ?>..<nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. autoReload="true".. throwExceptions="false">.... <variable name="appName" value="ScreenBeam Conference" />.... <targets async="true">.. <target xsi:type="File".. name="default".. layout="${longdate} - ${level:uppercase=true}: ${message}${onexception:${newline}EXCEPTION\: ${exception:format=ToString}}".. fileName="${specialfolder:LocalApplicationData}\${appName}\Logs\${appName}_${shortdate}.log".. keepFileOpen="false".. archiveFileName="${specialfolder:LocalApplicationData}\${appName}\Logs\${appName}_${shortdate}.{##}.log".. archiveNumbering="Sequence".. archiveEvery="Day".. maxArchiveFiles="30".. />.... <target name="debugger".. xsi:type="Debugger".. layout="${longdate} - ${level:upperc
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):888600
                                                                                                                                                                                                        Entropy (8bit):6.070730629271981
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:v1g1a9wdGNA9qQmDocTrP5rs3ekNuquwKUYaDyUsQ:v1g1a9wdGNA9qQco+rh0uqvKUYamUsQ
                                                                                                                                                                                                        MD5:264D058F7B81F04DB1226B445C2778E1
                                                                                                                                                                                                        SHA1:55EBACEF68FB44E256CA903111EA8CDFF5F74AF2
                                                                                                                                                                                                        SHA-256:27E547AA5109FD272B59EC0303CE157A4D44C95D3E1753F402BAAD3640D05F3C
                                                                                                                                                                                                        SHA-512:919C7F93A2F1EF66A26A468933406B5BD5F2C9D35D4E96417A64AE85A3914000840585A6E065E721FF31A38D69E3BA8BC427477EE08A6D3CA492E146488D0DC5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (385), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1661000
                                                                                                                                                                                                        Entropy (8bit):4.576713883814205
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:3bDXjSkDsv6ZrgFOG3We13QixCx8ZaRIHp8TEKcQonqDhIrMBc+6z+beoX:PH15e8EKH
                                                                                                                                                                                                        MD5:CA532230EDE750DC11C7E26C521F382F
                                                                                                                                                                                                        SHA1:F8DB7F7BF3C5A7B68CAA072D79064EFC52F66ABC
                                                                                                                                                                                                        SHA-256:0840395F0EF1BFF0746895255C19AF38E7775D3C316892E94C6514E834E3BFB5
                                                                                                                                                                                                        SHA-512:5025B6EE3E9C56D902435D209C75A3A6A873B489656B0E42BDBCCEEE8F3B083A1F06B74AE436552E00CCEE0C1D0D6726408FECF2A68091B442E44EBC79B80929
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>NLog</name>.. </assembly>.. <members>.. <member name="T:JetBrains.Annotations.CanBeNullAttribute">.. <summary>.. Indicates that the value of the marked element could be <c>null</c> sometimes,.. so the check for <c>null</c> is necessary before its usage... </summary>.. <example><code>.. [CanBeNull] object Test() => null;.. .. void UseTest() {.. var p = Test();.. var s = p.ToString(); // Warning: Possible 'System.NullReferenceException'.. }.. </code></example>.. </member>.. <member name="T:JetBrains.Annotations.NotNullAttribute">.. <summary>.. Indicates that the value of the marked element could never be <c>null</c>... </summary>.. <example><code>.. [NotNull] object Foo() {.. return null; // Warning: P
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):704792
                                                                                                                                                                                                        Entropy (8bit):5.954758883448302
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:T9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3i:T8m657w6ZBLmkitKqBCjC0PDgM5y
                                                                                                                                                                                                        MD5:366041A6141D665927A3F622B257D2B9
                                                                                                                                                                                                        SHA1:D80B8843B81E175A6356FEAC9BF17D75A4B43BC0
                                                                                                                                                                                                        SHA-256:2B470C31D1C5933D5E01E778528B1416966220A0A286671144874072349D687D
                                                                                                                                                                                                        SHA-512:C6CB888BC5FD4769091DC2EAD8B8394DB7BD83521925C76385F71F52924CDFDD64760C379BD1575B67EC314BDADAB88F94AF9435CA9AEF727473A7AE595CBF4F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):710224
                                                                                                                                                                                                        Entropy (8bit):4.632813781023419
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:XqqUmk/RikeaG0rH3jGHdl0/InHHpgVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QA:DUq
                                                                                                                                                                                                        MD5:F414B3F68FE7C4F094B8FE8382F858C9
                                                                                                                                                                                                        SHA1:66EE1B3266FCEDDE433B392156AB4A24262B2F34
                                                                                                                                                                                                        SHA-256:2D46B37B086D6848AF5F021D2D7A40581CE78AADD8EE39D309AEE4771A0EECCF
                                                                                                                                                                                                        SHA-512:19B2FEB40C2E9D4D20D9A21F88F6ECEA773060C056B8CBBD21A6EEC41486DC5FC101E6C31129B0D53466D04709BCD4ED777058DDFB02532242B43E253A7B24BD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Newtonsoft.Json</name>.. </assembly>.. <members>.. <member name="T:Newtonsoft.Json.Bson.BsonObjectId">.. <summary>.. Represents a BSON Oid (object id)... </summary>.. </member>.. <member name="P:Newtonsoft.Json.Bson.BsonObjectId.Value">.. <summary>.. Gets or sets the value of the Oid... </summary>.. <value>The value of the Oid.</value>.. </member>.. <member name="M:Newtonsoft.Json.Bson.BsonObjectId.#ctor(System.Byte[])">.. <summary>.. Initializes a new instance of the <see cref="T:Newtonsoft.Json.Bson.BsonObjectId"/> class... </summary>.. <param name="value">The Oid value.</param>.. </member>.. <member name="T:Newtonsoft.Json.Bson.BsonReader">.. <summary>.. Represents a reader that provides fast, non-cached, forward-only access to s
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56088
                                                                                                                                                                                                        Entropy (8bit):6.322783434897543
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:UkCPMBRD49uC70Ky9xbLwLJ7ElKntB7QpxrP:EPMz4s9xbLwN7ElKntBMDP
                                                                                                                                                                                                        MD5:68A66193731581F66D18F4C0B756D002
                                                                                                                                                                                                        SHA1:7F16918BD95A7A1BF79E5024419A7EAFF3C50FC5
                                                                                                                                                                                                        SHA-256:626CAA6AEAD7562B2E0EA77CD0375CEC00566200F6358A953AD95E96D4055884
                                                                                                                                                                                                        SHA-512:FAABB09687B1E4B1FFFE5C8F949EF0D87A806CEDA14097D1FBFA639C05D772B1A53364A68374AEBEED9FF533287F0454118C2EC40CCF57670E66BC5CB0584422
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):189
                                                                                                                                                                                                        Entropy (8bit):4.986033023891149
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRGOGFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRzSJuAW4p
                                                                                                                                                                                                        MD5:9DBAD5517B46F41DBB0D8780B20AB87E
                                                                                                                                                                                                        SHA1:EF6AEF0B1EA5D01B6E088A8BF2F429773C04BA5E
                                                                                                                                                                                                        SHA-256:47E5A0F101AF4151D7F13D2D6BFA9B847D5B5E4A98D1F4674B7C015772746CDF
                                                                                                                                                                                                        SHA-512:43825F5C26C54E1FC5BFFCCE30CAAD1449A28C0C9A9432E9CE17D255F8BF6057C1A1002D9471E5B654AB1DE08FB6EABF96302CDB3E0FB4B63BA0FF186E903BE8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>..</configuration>
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MSVC program database ver 7.00, 512*259 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):132608
                                                                                                                                                                                                        Entropy (8bit):3.7367234561117266
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:L+Z2ZTTM1ldA+TnAGrpqOF052IeUfQV5kGgv1s5zM6265QCuhdgl9gKfU0dSsJfA:ZfQ7Eds5zM6F5cfg8EU0dSsxNfQ8IsY
                                                                                                                                                                                                        MD5:5DAAA783F426B37DB9254F6063054D6F
                                                                                                                                                                                                        SHA1:7756681B5C157B1503EE8E576DF7B94B0C5D30A5
                                                                                                                                                                                                        SHA-256:5B78D9816A463FBDFF8F0B7E6D0F8AB206C0EE5437049DB88BBE09CEFA648CE7
                                                                                                                                                                                                        SHA-512:389C3F11A8A0FC4178EB99BC3DA0BCFCD75B2540688C50434B396FA34F043D3FFB91B63D8B997ABC9F8AA309D7387ED58A3C3046447DCBABB76384D1D53D1E15
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):55576
                                                                                                                                                                                                        Entropy (8bit):6.483068689026689
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:LLXeNPlvBp41PItj3U8gD9AzFELhPsFVYxN7QTx3:LLXeNPlvj41PItj3KDUFSPaYxNMd
                                                                                                                                                                                                        MD5:92678FC8ED4682798690FBB4068F87E4
                                                                                                                                                                                                        SHA1:15102795B1997642D51A4B9B41C5772CA30C8D7F
                                                                                                                                                                                                        SHA-256:9C758770439967517A38B0253487ED7C274A86D5FDA347829D3D69D1C47CA41E
                                                                                                                                                                                                        SHA-512:77705B9C3AA66751D50B1249803391F515A27F20054F41E1C266858EAF22190DFCF12716FEB370B5CDE95D79C7467F64CC7A84C44B170783962C28279BD323E4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MSVC program database ver 7.00, 512*75 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):38400
                                                                                                                                                                                                        Entropy (8bit):3.097681309335531
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:CwFyFr8sKK8PuuN/qtMfrdAU8sKH8Pu1dL:CwFyFr8sKpPua/xdR8sKcPu1d
                                                                                                                                                                                                        MD5:EE633CA4D9B35855BBE69FE010669F1D
                                                                                                                                                                                                        SHA1:174460DC05E7272F4D7EED7457067849E60DB4F4
                                                                                                                                                                                                        SHA-256:F3F3104207128C7DC15F0CFD00A3F7A0E4DCE8C3F3AF49EC34D8B4797CEE9E4C
                                                                                                                                                                                                        SHA-512:9EAEF0A16F144CEC11B0BDE9297C6BE994A4E2BC9CF5C266B913E5F21CE613B2B1034E7C29001B84971B42B3CE2B316288534625898CF36ED3E3F9E975010FEA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):150296
                                                                                                                                                                                                        Entropy (8bit):6.2877503298419954
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:dkYDVm7z6Irlqnq6O5KwVrVREFZogSXqiOpsDRgQt6lWQIcNVbx5CBvM:bV6Tuq6nyvgQt6lWDg15C
                                                                                                                                                                                                        MD5:D4B807F8663CFEACF31F20627ED822B4
                                                                                                                                                                                                        SHA1:AD8FE8AB50255E15EF0FD593F1A8A9FDD18324A6
                                                                                                                                                                                                        SHA-256:55D7914441A4036CD83B7331DF7ED2D4D7F7314B0C65F195D6B23B18F4DD14FB
                                                                                                                                                                                                        SHA-512:704A5A7BB68645201451D82A333FC2FB94A78D0EF86A4F408EB11B00C1809A614EE3F8BC9AA0A1D7511CD9E2D8F89FC38F5B9ACC72F9E72198AABB03DD8B1109
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MSVC program database ver 7.00, 512*603 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):308736
                                                                                                                                                                                                        Entropy (8bit):3.834445533967522
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:KjycJHj8tzak4wMfwTUk+6SnTcS6BfnRJu4UA7pjvU+1VQAudYBEUX4qQaX20Y1I:KK7Mfwg16BfREUpj9VBEUQGvksMijI
                                                                                                                                                                                                        MD5:DD83BE7A8D153599847AB74DDF3862AE
                                                                                                                                                                                                        SHA1:ACE562EC1CE7E881858160CF33687D037F80D369
                                                                                                                                                                                                        SHA-256:9BC9995A776A9187422863F32B2A044F5FE3A47362D77DC6092FD3315F3430FE
                                                                                                                                                                                                        SHA-512:828DBA5B0D57737CC77FCB0943941DF7D394A326DCBFCB2DB4ACCBD09617666134C514B80C418BAECE661312445346FBAD3818C855CE03034946B09362190772
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):48920
                                                                                                                                                                                                        Entropy (8bit):6.126747189424118
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:X4yhv8fqk6HrbN63C4rmPZvfZmcUWcm+9dT2snd3wDYiQcAMxkEfDe:dFRZf/85wD7Q6xPe
                                                                                                                                                                                                        MD5:CBE1726392A16F4B21426CA238CA631A
                                                                                                                                                                                                        SHA1:F1A67F610D4FB70CFC2A9635692C7038E2301581
                                                                                                                                                                                                        SHA-256:B57AE1DCFA2AECE1A46444F6689867C5CD8946D94256C4C445CE89A02B7E51F9
                                                                                                                                                                                                        SHA-512:C6DCDE2F588B9F55D535500A469AC5C25FD53FD558FBAD1260275E394F9B4FD2087046B7076EE018E3807215C54490E7402A6E10C0A90692D5E1EFD1FC2903F6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MSVC program database ver 7.00, 512*287 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):146944
                                                                                                                                                                                                        Entropy (8bit):3.7902276258653957
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:9fLv4i06+dm9GDIEPabRijzVGY8o5oEOhifrIEx5oEOh:5XCUEZVatThdE8Th
                                                                                                                                                                                                        MD5:42E55BB9138A8AD19838E7F4A2057F20
                                                                                                                                                                                                        SHA1:8398755E3092D0C0FBC37AC66DA40CCB98D286E2
                                                                                                                                                                                                        SHA-256:9C8D881E88E6EFF0ACF5A5C749371FA3FFAB30CFA22024987D6143A878589BCF
                                                                                                                                                                                                        SHA-512:50E4B1AA50E159B4B43B9474B50647E636E3D6DD1F3568344CCA5A7218363CC15A7208850D1179CB8024901245B049FB7D70CC53890E1E1D3EAE9B876E99F2E2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4066584
                                                                                                                                                                                                        Entropy (8bit):7.989893157539629
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:MsK37HlDgP9VSUMiAvuLAEJUQV67X1S56ZhsaHB2wSrjXl:MT35MP6UIuLFUQ+W6HxurJ
                                                                                                                                                                                                        MD5:EF47EF719F6B1292D17C6085CC3B9B90
                                                                                                                                                                                                        SHA1:B8A39ABAA12564A2D5DA818D59FB8A06261C653F
                                                                                                                                                                                                        SHA-256:36F7471E268F4E2D15382AB02491C78D4DE0F4DA7108D35BB10C8A3369D4F9AD
                                                                                                                                                                                                        SHA-512:D071C19F4E40384F3BD1C99A988683E110955145CCC0B27EDBC8E53B4456A9BC7CF058D7A90E54FDC92A4D8D080C15BA033939DACACB048B8367506ADE58F0FA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):933
                                                                                                                                                                                                        Entropy (8bit):5.0355202174457405
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:JdErnJM9zsfFgCJsPuAHGPF7NruH2/+Y9y:3ErnJM9zs6Gyumu7Yg+Yw
                                                                                                                                                                                                        MD5:552EC6CC1F2349624ED0015E3B765A98
                                                                                                                                                                                                        SHA1:B95938B153783194DBC664D4AB4C60FF5C350B7D
                                                                                                                                                                                                        SHA-256:A793490AC3AF49279521B305B3C5C9B9A2A8EF6D1A684BA228E4B68E9A7B5C5F
                                                                                                                                                                                                        SHA-512:6567E66701E5CA16897D40C53BE5E3415A021E70D75D8593AE9D6AB5BD265A09DE8973DFCA3AEEE7BAD0E09275732BA835B7D87A84EE7DA0C8EA4522A989418E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>.. <system.serviceModel>.. <client>.... <endpoint name="NetTcpEndpoint" address="net.tcp://localhost:16669/Service" binding="netTcpBinding" contract="SBConference.Common.IService" />.... </client>.... <diagnostics>.. <messageLogging logEntireMessage="true".. logMessagesAtTransportLevel="true" />.. </diagnostics>-->.... </system.serviceModel>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Numerics.Vectors" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.1.3.0" newVersion="4.1.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MSVC program database ver 7.00, 512*251 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):128512
                                                                                                                                                                                                        Entropy (8bit):3.9446313331430574
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:bdEKENVTmV18AzjLCierdAiYWgi421cLld2SNPcOnqPUwu+fV7lZETvTrXNVTmVb:CnUk97l+TrX9mU
                                                                                                                                                                                                        MD5:0F2B7DAC752BB8D6F9355D3C19066136
                                                                                                                                                                                                        SHA1:0DF783B1D9446D44E35CC9EA5BEBDCEB686367CC
                                                                                                                                                                                                        SHA-256:D4120425EDDBBE64BD34D02791745C16580F736EB382066663DCEDB3B6CB2F5D
                                                                                                                                                                                                        SHA-512:574CEABB9D87892B5AF6BB2209CA4A2476516EBD9166718B9BFF2985DBDB5CD8D7D43C0244C76B2D23142068EA0763BCFDAC9EED6DA5C5E9287C9C771BDC97D0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):160536
                                                                                                                                                                                                        Entropy (8bit):6.281292806431808
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:9K9VX2/egy/giIRVFmXeMlGEs94P6MLrUPBBuOpKUsnj80T+EaDnsPPxbTp8fnTc:9KDXEeFc7KeMlGEsBPsUWq/jFYelgZM
                                                                                                                                                                                                        MD5:64055F4D8272F56AE7140974BC8C42A1
                                                                                                                                                                                                        SHA1:A30F7AFAA05F2B8CA1FD1D384FF5BDC1B0223EA8
                                                                                                                                                                                                        SHA-256:C213A4F1C4FEF1DAF31A6B16D1A251E3C13889AB95AFBECB34AB9AE02C414274
                                                                                                                                                                                                        SHA-512:A1188BA3AC76295544678D3C3E4F06327ACDAF676CABBD22664372E25553931677DED8B98C505004F8DB41331C87392BFDD586B302ACD845928D31FCB4456421
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):349464
                                                                                                                                                                                                        Entropy (8bit):5.895056002324099
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:xjqoeIm08rQRRaTPNKr6hwAdQ7qKCJdj5Q:xjqoeImLrH9hJQ
                                                                                                                                                                                                        MD5:9A688BAEDA135DC316214B17BFF8A878
                                                                                                                                                                                                        SHA1:78F1938D743AE6AB021CF1DCA77E18261CBA99DA
                                                                                                                                                                                                        SHA-256:85D58026468C6F7712B5186231C1923DE896FAEDAE74D89628476FCED6D2E264
                                                                                                                                                                                                        SHA-512:E0DC3BFBCB864D6210FE2C69ADDA945EBAB62CF81CCF796CA94903F196C9B9DC805B6B77EA25D0182830EC6AAD21690B2FF72B78071A71AC57E9D23CF45B1A2B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):226072
                                                                                                                                                                                                        Entropy (8bit):5.654688899392737
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:0RpzojglcletW1yZLJ80UOEgS8DOnL6dCZrGxamas0Ank/uy1WWZjUjY1xC/Bytd:61BE5L6xy1WWZjUj47
                                                                                                                                                                                                        MD5:A8D6A2721A284BE9BA4B0F39F7E888E1
                                                                                                                                                                                                        SHA1:D1FB0AC17269D0AD42E8962861A30CCE0694685E
                                                                                                                                                                                                        SHA-256:487A368419824B136F9713BDB64341B56BCDFD888F56AEA20A80D8ECB994160E
                                                                                                                                                                                                        SHA-512:97358FEFBAF102357F1A728EB0B4B375512837E4948C9C570A1334ECED77DF5A97BDDE79299ED9D3A0E879DA66986D62030F40208AD8E93C460AB57658BC4C0B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):567064
                                                                                                                                                                                                        Entropy (8bit):5.786795272150284
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:E6gB96kgNEh+jVLm7SVTZ+YS5dXnuqhciIgluGvSfTaDu:ESDEhum+F45dXEiDu
                                                                                                                                                                                                        MD5:20C17E2824A914ED7DCA8ADEF73ACD3A
                                                                                                                                                                                                        SHA1:9ED6ED37AA40690E40ABD7EB28106DB28A9EBC72
                                                                                                                                                                                                        SHA-256:EA9550238E6DE8742F3E983676711CC652DA4272C02AC76CEB2F20B11B755474
                                                                                                                                                                                                        SHA-512:9BB436AD5652B2CF168C072655BD9420C417A6E82A4B912679B7F3790E4AFDCB46E1A7D5A98E7DDF037FE29EFFA60BBD2B1F2FF45AFC7AF8F9D2C1E62C74A54D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):281880
                                                                                                                                                                                                        Entropy (8bit):6.179349450192092
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:RNGAHSuAfn0xDI+enjgpjgAvZgDlq514bA383R5QAfSgaZoqej16x3aG37B6Hy7j:OAyOEkfBgDlq/M3rQMSN2d1Wqo/Ic
                                                                                                                                                                                                        MD5:D74177A4B7183489E1D6B3DDC01A9035
                                                                                                                                                                                                        SHA1:DF91E04EB944A6C50674FF2F21E020C0C8B70033
                                                                                                                                                                                                        SHA-256:347E78B235D5FA7E5E6B01740EDEF26B55FD6A0735A506DD1FC8C7C54764ABB0
                                                                                                                                                                                                        SHA-512:918C6FE8225E80CE0952D45EF2B42ED27E46F8BCB25A617A2AC7CAEEFCC887E20E33B4721A298E71F704D07A18DA3179F5AFB63636063B3910BBA63397E9C4D1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):64280
                                                                                                                                                                                                        Entropy (8bit):6.290990573439475
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:SYe5uO+LcqmQWE1EwULYFaue+7nF107Qux:Sl5u7A5EeUaunJ10M
                                                                                                                                                                                                        MD5:A59A2964CADCE1E6BB157D88C3B85AB0
                                                                                                                                                                                                        SHA1:12D6A020C548BEA189C6955FDD35FF780F40124E
                                                                                                                                                                                                        SHA-256:22998AD8EED3BEDF7D1DD439B5CFCAEBFD9CFE0D5CB2A91A02A04D32CEBE9F10
                                                                                                                                                                                                        SHA-512:7CD7394C59BE71047886A282F8AABFD1756DC46D5E51688C09280520E4A350BBF4E59AA838ED83E913FED77FE36AF0344A9C851C16CC6A78574AAE61DBD85A2D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):189
                                                                                                                                                                                                        Entropy (8bit):4.986033023891149
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRGOGFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRzSJuAW4p
                                                                                                                                                                                                        MD5:9DBAD5517B46F41DBB0D8780B20AB87E
                                                                                                                                                                                                        SHA1:EF6AEF0B1EA5D01B6E088A8BF2F429773C04BA5E
                                                                                                                                                                                                        SHA-256:47E5A0F101AF4151D7F13D2D6BFA9B847D5B5E4A98D1F4674B7C015772746CDF
                                                                                                                                                                                                        SHA-512:43825F5C26C54E1FC5BFFCCE30CAAD1449A28C0C9A9432E9CE17D255F8BF6057C1A1002D9471E5B654AB1DE08FB6EABF96302CDB3E0FB4B63BA0FF186E903BE8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>..</configuration>
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MSVC program database ver 7.00, 512*295 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):151040
                                                                                                                                                                                                        Entropy (8bit):3.7625146843055375
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:pFQdS3gVUDit2w2eflHwUr3MiyjCdG7GVV4kDA6Ziy0lYkDA:pFQdAitn2qwUr3p7VV4kDAZLlYkDA
                                                                                                                                                                                                        MD5:3ADD5FDC896B38683C251DA1AD6128BC
                                                                                                                                                                                                        SHA1:588FD99903588E38A11AC532754DB1946AFA76E3
                                                                                                                                                                                                        SHA-256:696334D3707F55432B4BEC3A43DC23D9BEB9E994D4D1D9B40CAACEBFF8B68FE3
                                                                                                                                                                                                        SHA-512:A1405D66AD8AFB2946800D7573EF601C86B3FDC50DD0879693AADF1ABDC465962B066B3AE6B8E3319A78643B685D2FE94A86B5C368DEA6646878407D2818912D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):759576
                                                                                                                                                                                                        Entropy (8bit):6.352488921850293
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:xjyerCn3SG4tGFGU+NzJHomqU6V1jnQxZdlCG3pFb6KtXX2nrfSNT6v2q6wU:BrCn3S0GfNzP76V1jnQxZdlCG3pFb6Kx
                                                                                                                                                                                                        MD5:DD648F15AD4FC0D36C09E31ED036DB1F
                                                                                                                                                                                                        SHA1:E94BC627210EA23D67D614DE7D59BE58EB8E5C10
                                                                                                                                                                                                        SHA-256:3E92E71DEF625E8AADE2F1689CABB2CBC1D0DBED855FE94B38251151E70D7688
                                                                                                                                                                                                        SHA-512:1B8CE9DE2417D974C09A1BAD4B1AB1913A75C635C09B54F87334A6FBEBCD2C52FA7B9F746357AA77194A0DBDBF7A5166D6EE8DC798C67FC733693183F0B57AF3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (621), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):168793
                                                                                                                                                                                                        Entropy (8bit):4.530149376990327
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:ReWZtlVd41Oqi0H1Oqi02Vx5cnJ1OqinzP48Y4Q26ga68xFdJLyuipkyhg1+e1pl:AWHZ5QZ8T6gsJLyuiyyhwTpCN/24K
                                                                                                                                                                                                        MD5:7AEE18F5FD135B525FEEC66BB2AED5D3
                                                                                                                                                                                                        SHA1:2B6C577F4AD8C5BFD704394AEB7F2C056E3FB21F
                                                                                                                                                                                                        SHA-256:882E2B07E327779A7C917ACA4B2B22D8F8D1F55B79BD8576418F980FB9770179
                                                                                                                                                                                                        SHA-512:F4DFE5DCA00A9504F0EE9ABCEC03AC334901400BED6411C9FEA7891DBCA2EA7F7E92B43620C83A36984B4A2CDDBBB77170CD23BF2149B2B842E7D7BAC76359C5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Svg</name>.. </assembly>.. <members>.. <member name="T:Svg.SvgCircle">.. <summary>.. An SVG element to render circles to the document... </summary>.. </member>.. <member name="P:Svg.SvgCircle.Center">.. <summary>.. Gets the center point of the circle... </summary>.. <value>The center.</value>.. </member>.. <member name="M:Svg.SvgCircle.Path(Svg.ISvgRenderer)">.. <summary>.. Gets the <see cref="T:System.Drawing.Drawing2D.GraphicsPath"/> representing this element... </summary>.. </member>.. <member name="M:Svg.SvgCircle.Render(Svg.ISvgRenderer)">.. <summary>.. Renders the circle using the specified <see cref="T:Svg.ISvgRenderer"/> object... </summary>.. <param name="renderer">The renderer object.</param>.. </member>.
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22296
                                                                                                                                                                                                        Entropy (8bit):6.663572921828433
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:NICREYcfpyXOT9Z7a6WmYWXyIYiQ32LAM+o/8E9VF0NyD:NIiE9QXM11YiQMAMxkE
                                                                                                                                                                                                        MD5:EA81754CADD08398CDCE1835C2D1F0F3
                                                                                                                                                                                                        SHA1:D3E3F6B44DD08C4BFC8AA462FB37F8AE27652D51
                                                                                                                                                                                                        SHA-256:8CD8370FFD01CBDB6E345436B76DBB58AA8886275E59BE55330F292C27B830E3
                                                                                                                                                                                                        SHA-512:B92389977A5F1A43EC03692BB28C15024D702D85F510349AB7AFA657CF94E6AD2A504303F710751D6395844F0E22FEB19DF8BC3DDAFC925A0709B34B7F567C5D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (634), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3195
                                                                                                                                                                                                        Entropy (8bit):4.750160458439205
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:3iRtamCGLiVMgLGTKLG0LG8hLGRpWG79NmGM9TLGoA96cmgKxnGu7gMcXFFfYK8L:ySm9iVHAKv3hQt9Y9TXAixbewKXHSH
                                                                                                                                                                                                        MD5:0C727C6CF7E10FB85310C46EC17AC47F
                                                                                                                                                                                                        SHA1:F7C922B32655DA2732CDF9E980DAD7337EA87D5E
                                                                                                                                                                                                        SHA-256:5047E342F6E3860E8B37B77207D5E10C5007E07692777EB504D0CED628DA022C
                                                                                                                                                                                                        SHA-512:32D95683A8AE55E0EAA6A6C401B01E1ED50389C2382EDBDD05A59A39AFE78FB8BB10E49FF4696AAF702B98AEE0A2AC4857EA330AE133AAFEAAC3B514EFBE2EA4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?><span>..<doc>.. <assembly>.. <name>System.Buffers</name>.. </assembly>.. <members>.. <member name="T:System.Buffers.ArrayPool`1">.. <summary>Provides a resource pool that enables reusing instances of type <see cref="T[]"></see>.</summary>.. <typeparam name="T">The type of the objects that are in the resource pool.</typeparam>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.#ctor">.. <summary>Initializes a new instance of the <see cref="ArrayPool{T}"></see> class.</summary>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.Create">.. <summary>Creates a new instance of the <see cref="ArrayPool{T}"></see> class.</summary>.. <returns>A new instance of the <see cref="ArrayPool{T}"></see> class.</returns>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.Create(System.Int32,System.Int32)">.. <summary>Creates a new instance of the <see cref="ArrayPool{T}"></see> class using
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):143128
                                                                                                                                                                                                        Entropy (8bit):6.161350840044269
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:Rxi8ae06y7Q0kSutmvEmFk0pBa/+h8k/6kY2F8xB0dhqABtx5yoG9Ql7QUx:P0vDkSutmhFpYqtDqAhjMQlM
                                                                                                                                                                                                        MD5:92E9ED62426DBCE0112800A2BC999B18
                                                                                                                                                                                                        SHA1:F291AC240FD09AEF2A7CBACA294C48F6AF83D426
                                                                                                                                                                                                        SHA-256:84592BE7E0AFF52340162EE074707F08DFBB4365875B84909A3DF82DD4F0EB82
                                                                                                                                                                                                        SHA-512:B69C59C5889126A21C00819E8B48261E2DE3ADEE9E9EF6478EE5F84C1BFBD0C1AFCA71F29F1ADC203E1769E0EC29F847474F6AEE7D5B1E574C7EBC76CD27BDB6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13950
                                                                                                                                                                                                        Entropy (8bit):4.749162715500682
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:19SSrAVfjSE0wxiMiLiLiXdCjticiciAiJiziPNjNei5i9zhi+ipOUTJ:1gbXKKXppPmcPi6LmJ
                                                                                                                                                                                                        MD5:ADD19745A43B2515280CE24671863114
                                                                                                                                                                                                        SHA1:CF44E6557FDE93288FF2567A002A69279965CABA
                                                                                                                                                                                                        SHA-256:D5714C96607EB1A9D0F90F57CA194D8A9C3EDE0656A1D1F461E78B209F054813
                                                                                                                                                                                                        SHA-512:8D7E564FA61411B5C28F29B07855DD112687EDCB39B991803C7C7DE67B6894B309102AC9B52409B56B7BB5C9101EB4CDFB21FCFBF5D835E4A153E188CB97CC87
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Memory</name>.. </assembly>.. <members>.. <member name="T:System.Span`1">.. <typeparam name="T"></typeparam>.. </member>.. <member name="M:System.Span`1.#ctor(`0[])">.. <param name="array"></param>.. </member>.. <member name="M:System.Span`1.#ctor(System.Void*,System.Int32)">.. <param name="pointer"></param>.. <param name="length"></param>.. </member>.. <member name="M:System.Span`1.#ctor(`0[],System.Int32)">.. <param name="array"></param>.. <param name="start"></param>.. </member>.. <member name="M:System.Span`1.#ctor(`0[],System.Int32,System.Int32)">.. <param name="array"></param>.. <param name="start"></param>.. <param name="length"></param>.. </member>.. <member name="M:System.Span`1.Clear">.. .. </member>.. <member name="M:System.Span`1.CopyTo(System.Span{`0})">.. <param name="destination"></param>.. </mem
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):110360
                                                                                                                                                                                                        Entropy (8bit):5.471742610061083
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:HpKSyD3hoE3PQU9xb1iPKHKWU//6hE2rkQQP7QSx:ESyLhZ/X9xb1YKqn/unQPM
                                                                                                                                                                                                        MD5:33039AFCB40C405490C47FB4C068FC18
                                                                                                                                                                                                        SHA1:E3B539B5FF66D68B7B8CEF45E417C1F66069FEE0
                                                                                                                                                                                                        SHA-256:87CA267BD9535ED1A04E12E3007D6D41015FE7E103AF549907F58AFCE643217C
                                                                                                                                                                                                        SHA-512:BEE24BFAF1CE0BD56AEC5AB3BDB1B8EFF986DD0C907FD2E23A8C3AF43D830FF6DADE6E83BAD57C6780E79F1E521F9522F8141D238873B5741DC7683971C81974
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (640), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):183543
                                                                                                                                                                                                        Entropy (8bit):4.784775080568946
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:9zlgmfTCpKdUqMGFYBlF8Yza2HbyJtJZJ9JaGN4AscoqrbuCeBqaiaIacasa7c12:9zhfTD227fX1HKg1agk
                                                                                                                                                                                                        MD5:A556041FB2F0F8ACFB89FCE08A9DE8F0
                                                                                                                                                                                                        SHA1:E2A3B3ACB380A4EB626B44FF6EE04A37110A3389
                                                                                                                                                                                                        SHA-256:996E11F72E5BB4F58B080CCAF94C325F8CABB175070DDE109516A5069ED17708
                                                                                                                                                                                                        SHA-512:116D6C3C98E0CC70718A7B0CE38826FDE8EF00CFE9A8D00C721BC1BF2297F39A5B256143BA6568A87BC6D0506D53A3BAE12B7899655454536DEC13AC455B2A17
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?><span>..<doc>.. <assembly>.. <name>System.Numerics.Vectors</name>.. </assembly>.. <members>.. <member name="T:System.Numerics.Matrix3x2">.. <summary>Represents a 3x2 matrix.</summary>.. </member>.. <member name="M:System.Numerics.Matrix3x2.#ctor(System.Single,System.Single,System.Single,System.Single,System.Single,System.Single)">.. <summary>Creates a 3x2 matrix from the specified components.</summary>.. <param name="m11">The value to assign to the first element in the first row.</param>.. <param name="m12">The value to assign to the second element in the first row.</param>.. <param name="m21">The value to assign to the first element in the second row.</param>.. <param name="m22">The value to assign to the second element in the second row.</param>.. <param name="m31">The value to assign to the first element in the third row.</param>.. <param name="m32">The value to assign to the second eleme
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):18200
                                                                                                                                                                                                        Entropy (8bit):6.648450282504482
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:sqTO1PdhW1YWxv2IYiQ39WivAM+o/8E9VF0NyotV:sq6PSzDYiQFvAMxkEaV
                                                                                                                                                                                                        MD5:06475F3703A87898E379560D7AB30906
                                                                                                                                                                                                        SHA1:89DBEF8D1863B2FFF6112B6C6F7BB93D820F9C89
                                                                                                                                                                                                        SHA-256:13955A27D7F36DCB9D5A18DB3BE3888067150254E11C08B7584A05292C1CF529
                                                                                                                                                                                                        SHA-512:A809EDCE2743350E39F0EF41FCDBEEC20BAC806E8F976CAAA41AD4014AEF4337F5BCAE22631D43DD70E7E3F325F4B355D284466C6ECBF94DA010A64CBF571EC7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14080
                                                                                                                                                                                                        Entropy (8bit):4.739717678047703
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:1/uXuAB8fmAc26yQew6griJriurt8rtTpkE+EDJOgOha/MU:1/A3WfmAc2rQew6griJriurt8rtTpkEX
                                                                                                                                                                                                        MD5:26CD9E7E8A62BB97CACE4E4AC16987A0
                                                                                                                                                                                                        SHA1:E705414BE72B4866BC3AD02B9529656014C63CB1
                                                                                                                                                                                                        SHA-256:63E32EBB4B26C25F65DDF26B5FA9D7147A9C8B45DF355DB90AC706AFEC980036
                                                                                                                                                                                                        SHA-512:AEF9CF14E85D954E86B7C9A3AB35398DE0E1EE97A6CE383F82BCE789DCB2355C8AB781007F88B2D5E8F94D2E4CF940319FE0BF746E937F600F8425CA885973CD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Runtime.CompilerServices.Unsafe</name>.. </assembly>.. <members>.. <member name="T:System.Runtime.CompilerServices.Unsafe">.. <summary>Contains generic, low-level functionality for manipulating pointers.</summary>.. </member>.. <member name="M:System.Runtime.CompilerServices.Unsafe.Add``1(``0@,System.Int32)">.. <summary>Adds an element offset to the given reference.</summary>.. <param name="source">The reference to add the offset to.</param>.. <param name="elementOffset">The offset to add.</param>.. <typeparam name="T">The type of reference.</typeparam>.. <returns>A new reference that reflects the addition of offset to pointer.</returns>.. </member>.. <member name="M:System.Runtime.CompilerServices.Unsafe.Add``1(``0@,System.IntPtr)">.. <summary>Adds an element offset to the given reference.</summary>.. <param name="source">The reference to add the offs
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22808
                                                                                                                                                                                                        Entropy (8bit):6.59722848195557
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:RB9g5l+A3VVdCRdtOfd7TCUBQ4BX8JZa6Si5HsOgrE2WGCWcIYiQ3k4ERjCAM+oc:n9g5HVVX12fsOgrE+ZYiQdERCAMxkE
                                                                                                                                                                                                        MD5:8BF565C3B4739548E05A404360595E00
                                                                                                                                                                                                        SHA1:2D5138CE9C0FB61AAC5DE604F0744EC65D2781EC
                                                                                                                                                                                                        SHA-256:83212769257617A8B1C5CB2698C471577346D32A5FF7B9A5B06932CFB2BC450B
                                                                                                                                                                                                        SHA-512:F689541CD056EF7D14F956B7BC3FB848756F41799C83DE30E9017B72D625CEFDB2517814D2B24F5C3A69990C32DC3C0E0A4109EF19A8A931966F42FFD6DC712E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (541), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):76981
                                                                                                                                                                                                        Entropy (8bit):4.819464476297391
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:YNa7Vx5ughg2y1eEics/2cLtU+61hYg45bmZiNjcAjdKvj59znKSe5+YjTjljcKZ:YHeEUZtgsccITKSFYjxcKSskiKS1
                                                                                                                                                                                                        MD5:3A4E05CD88971CC7988F3179977192CA
                                                                                                                                                                                                        SHA1:C0F796775FB852E6F9F75AB70846EE49619D9988
                                                                                                                                                                                                        SHA-256:576D49F78CEDFC37A7F7452EA7519EBF690642EBB87D01AC777605FFDBC648B0
                                                                                                                                                                                                        SHA-512:4E649FE654160B8D2595927CB215F078E1D97EE5B1D366D0651743E143DD990867FFB3E6C69AC19AFEF0D75C9B8B28E36977AAA4D64C5FFD24B0037B04828479
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Runtime.WindowsRuntime</name>.. </assembly>.. <members>.. <member name="T:System.WindowsRuntimeSystemExtensions">.. <summary>Provides extension methods for converting between tasks and Windows Runtime asynchronous actions and operations. </summary>.. </member>.. <member name="M:System.WindowsRuntimeSystemExtensions.AsAsyncAction(System.Threading.Tasks.Task)">.. <summary>Returns a Windows Runtime asynchronous action that represents a started task. </summary>.. <returns>A Windows.Foundation.IAsyncAction instance that represents the started task. </returns>.. <param name="source">The started task. </param>.. <exception cref="T:System.ArgumentNullException">.. <paramref name="source" /> is null. </exception>.. <exception cref="T:System.InvalidOperationException">.. <paramref name="source" /> is an unstarted task. </exception>.. </member>.. <member na
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):19736
                                                                                                                                                                                                        Entropy (8bit):6.538195289154972
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:QyPa16oAL4D+wW9IWmDIW4IWYDfIYiQ3fhcZqAM+o/8E9VF0NylW+C:QWs6oqDjADKeDgYiQpcUAMxkEd
                                                                                                                                                                                                        MD5:35BD6BFA8A2A11F8735397900F130918
                                                                                                                                                                                                        SHA1:941B9281B9548887A246905E380FB9C13D564006
                                                                                                                                                                                                        SHA-256:600169E7B5AF04396FC3C35DCA6DAF993E442FFFB71B4F96BCCE2D8E63F648AA
                                                                                                                                                                                                        SHA-512:3DE19E8D7DA116359BA139028AE682566E77D4985BFB5D8324E00EE1903C33758620D9CA781842EBA73AEFE8BB0C3310E1C5AD0378DC7CC25BE414C314E17AA1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):142
                                                                                                                                                                                                        Entropy (8bit):4.391770241438592
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:vFWWMNHUz6GbC/0tFFNu7WRtLz3hAbS9/FFNrGMH/xtgGM8Xby:TMV06GbSWVVR+SXNffgp8Xby
                                                                                                                                                                                                        MD5:B6E60687AE5DB6D011E21E6993620745
                                                                                                                                                                                                        SHA1:B117C6BBDDC72E7F4B590173992EE17BFDDE4BE1
                                                                                                                                                                                                        SHA-256:C37E163FA76629C196460C7B4D54E95B1A46A4C66AB7B6F3311959C8137DC5F1
                                                                                                                                                                                                        SHA-512:709212B6CB36F57B92A82DEF810F9C075A91B3E6A5FD330DCFB563D94A320783509441347D63BDE97F530C6B10CE6AA769CA11F7FC39ACF1B25D5C8F9DCBB389
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>System.ValueTuple</name>.. </assembly>.. <members>.. </members>..</doc>..
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):50456
                                                                                                                                                                                                        Entropy (8bit):6.21259003479461
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:N3wBccZdxuB8mQen6JxKjrlMZgR0EoO7QLx:pcHmQPUkOM
                                                                                                                                                                                                        MD5:5E4F1D21E43BC48BF8B8B7E9B68DDEAC
                                                                                                                                                                                                        SHA1:122B6CC52699AEE8F6BAC522FCD5C9E97422ACBB
                                                                                                                                                                                                        SHA-256:CFF4E1FFC3F1B69948436B62ED30FA7C03C079A6CE7483EFCFC4D9B5744ABC9B
                                                                                                                                                                                                        SHA-512:E37146A3E16AEF7CCB90F8B50B3A83FD9BBCE171C5CCC23B9F26252D586593F330E61D8537807A2AB98CE6BC746B0DB66CFDED1934CF5A576E907F0E54C06011
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):62128
                                                                                                                                                                                                        Entropy (8bit):4.529932548825407
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:2y80yatyXMOX0lrNyzEYIFu8cKy5BYAeu:MsY
                                                                                                                                                                                                        MD5:F70AEFF5A0E73BBA854A66ED6F0F5340
                                                                                                                                                                                                        SHA1:5669C580408931021A39CFE0563771CBED623670
                                                                                                                                                                                                        SHA-256:9608C07302EFF914A866DC5D416A8816FE9B28DF62EDF6D9C28F79A0236824F4
                                                                                                                                                                                                        SHA-512:95B076A38E3F320CC16F4AE31FB76CFE3FC378A7EB33ECE9F1FA83D7281CBA72D8BBCBADE2C1476793351B0C19CE8851A192FD42E3E3554402011E9FDC024BE7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>System.Windows.Interactivity</name>.. </assembly>.. <members>.. <member name="T:System.Windows.Interactivity.AttachableCollection`1">.. <summary>.. Represents a collection of IAttachedObject with a shared AssociatedObject and provides change notifications to its contents when that AssociatedObject changes... </summary>.. </member>.. <member name="T:System.Windows.Interactivity.IAttachedObject">.. <summary>.. An interface for an object that can be attached to another object... </summary>.. </member>.. <member name="M:System.Windows.Interactivity.IAttachedObject.Attach(System.Windows.DependencyObject)">.. <summary>.. Attaches to the specified object... </summary>.. <param name="dependencyObject">The object to attach to.</param>.. </member>.. <member name="M:System.Wi
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24064
                                                                                                                                                                                                        Entropy (8bit):5.436377150873873
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:nOeNiCPJ8d//4CMSKtmVbFhFMTuzO3zoVOgvevU3+uARkArvLU8Wyt:/x8d/i49z7cgWvwARkwvLU8
                                                                                                                                                                                                        MD5:D0854E8DB0D1AFBDAB9CEDB8464561A7
                                                                                                                                                                                                        SHA1:7550E1257E2D243AC0A12439D2A55C74718753D4
                                                                                                                                                                                                        SHA-256:363DC1FDC0C50618C9049F87BF6E2C6EB9D9CE4AC08960373BF778EF854D78AD
                                                                                                                                                                                                        SHA-512:CAF5CB38121FE12A560CEBE4E1AC3266AEFB3C7AB0635EFF26D1AB7DE8CD349F52CB8F9FD4F8E05CF6E496FF07083961881517298FF80A07691B22EF2B317A3D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5773312
                                                                                                                                                                                                        Entropy (8bit):5.68640191645299
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:OVINVwJzGKybK12T5yb9ksyZWPsADcn0XjOTQVm8fGwoAIMHFqG:/NVwJzVSs+Wp4xyD
                                                                                                                                                                                                        MD5:2B71864142900544334292C45C9A9A21
                                                                                                                                                                                                        SHA1:763865F2163F8B3A294BB156D1E36B9E73A9EBAB
                                                                                                                                                                                                        SHA-256:94687C2812CD4B0DF1F93C3D083BAA730CAB07E9D9C3931FA6557C808BCEF49B
                                                                                                                                                                                                        SHA-512:DD73C7832A2B43774D18A83AC08CEE5A6F7D76F870A98A344B3FDD1DE61CD9B7362D31009F443592F138EFFB9ED7CDD9E4F8A7282C699B7AF3F434ABE74F215E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):174080
                                                                                                                                                                                                        Entropy (8bit):4.838714488862786
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:BXlu9HOsrxLLC581nfkhTf85SfD/8E8pMyF2fIK2E3ZMrf/GXTdXg7A/w:b41x7v54sMyov2+Mrf/GXKA
                                                                                                                                                                                                        MD5:6AEB1C3E0470912D776EF79DC180AEF6
                                                                                                                                                                                                        SHA1:C35A83124548142B7AF868166EEB9B9A8DEDCA03
                                                                                                                                                                                                        SHA-256:249D4EBDCB399002F7B6DCB50384AD0DF3AB6A7CF7087161EDA4E43052128E6D
                                                                                                                                                                                                        SHA-512:3AA0D6D8BFB0788353A85E5C0F88B0D0B0CD80F200C78932D8BD4FCF0711EF6577F9C3F4036BB88A4EC7BCF58ED2C4A48FC003324B47A0FAB51E2A1B73436DE4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):103704
                                                                                                                                                                                                        Entropy (8bit):6.283371933462689
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:OZGfW5mvu8DC4AiyZAZIJjAgyzjeIcKNVT7VuWCbwt2Ezg7QIxO:OZGfNu8DyZAZwWtpVT7VVdgYgMp
                                                                                                                                                                                                        MD5:ACB8F45DB96CD7C2AB0DE33115F5BDFF
                                                                                                                                                                                                        SHA1:3176E469C11EA3207F8AEC2BD0BBFF761F4866E8
                                                                                                                                                                                                        SHA-256:BDACB6508286E644222CB44DCCAF51BC9210AFF80529706CB7B8EDFEBF53AE61
                                                                                                                                                                                                        SHA-512:E47B6C41068B6F16374E56FCD577370812E57D548354AD11346D351D4AB7EBA6A245F5F211FE47945DF43C73B67A9F1E4D920C85CBAD2FF3DC3D95886622B1A2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Microsoft Roslyn C# debugging symbols version 1.0
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28012
                                                                                                                                                                                                        Entropy (8bit):5.07766090155697
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:UnhIrxUN3RhP+UVpi+L2P2lxX2rzELJRDXPn1F4da24Ui0o92d2zPSuWaK9cww0H:txwnPJL5JL4Dih9KWK9cww0oUZ
                                                                                                                                                                                                        MD5:9F580CA88DB263A3BDB75D40EE88C8B8
                                                                                                                                                                                                        SHA1:73F47B6B2A04525C8DA776A746933EE8F02E3845
                                                                                                                                                                                                        SHA-256:E0387871E704D9402196F786ED697F87FB63267BDCB142829E02CC1C3F548275
                                                                                                                                                                                                        SHA-512:2839625305CF2375C281C60E86694263AF151F5CDA311624C019A76207543B1A1E9AB91C5D70AB50A151DA52BEEC7225D887C5AA748E4B964271CB8F63C9B681
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                        Entropy (8bit):4.756472052670044
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:MGzDcHtDpvhpzcPWg3TUHfBo+6IhF0DY2ACkVtW/lRODhQkBp3ySNUt4LUTsVB6j:M3HtDpvhpz03TafBo+6IhF0DY2ACkVlk
                                                                                                                                                                                                        MD5:742FAA100BAC5ED77490CC84EDC1F7CD
                                                                                                                                                                                                        SHA1:A9EAEFC888393EBE225D185943C8F96CD76D6CCB
                                                                                                                                                                                                        SHA-256:63DF6824DC2E3B89E9EC6B715C3003A5897B0D9922DA5C15E89C7C775076D819
                                                                                                                                                                                                        SHA-512:8744657359041C78161E3CC51497D26A30E1C46F5222764EC1376EBAC0E9602F98B7E7E7B94047F4F3CEC320A6726B352386AF2B4AA704AE4D9788C3EAAAFACC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11264
                                                                                                                                                                                                        Entropy (8bit):4.613368878737462
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:rN1vttjc+uAS57xu3e5auZJWzE4idhleNjqi4oqTJVnt1JhRw0BVVSr:rbvH0uzE4UhYjqi4/d/RPBWr
                                                                                                                                                                                                        MD5:960EE61E268C24D30510849023D8A6B3
                                                                                                                                                                                                        SHA1:69F4BDA11582E5162C8BE194D826E66B847337B0
                                                                                                                                                                                                        SHA-256:9D08321232937B3B2401CE0C77F26DBCACEA713A8CAA4010F4B587D409BB5683
                                                                                                                                                                                                        SHA-512:1DCFBC1D5735D1CF060B6FBA0BBAB3394D383CA7418718284C7D6F4BAC373F63284BC8CC69FBAD36842D5336013E370550885BBB58F90DD3CCA51517A1A31C65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):39192
                                                                                                                                                                                                        Entropy (8bit):5.110534898045065
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:F+ZpbHSTTUa8x+qvvIojhPYiQQdWAMxkE+:F+Zpb8T2x+CvP7Q2kxS
                                                                                                                                                                                                        MD5:7255C069B24F4ACAFC2E61A2775DA171
                                                                                                                                                                                                        SHA1:7B633E432CD852BA3F3C4F873BA5B4F68E6C2A39
                                                                                                                                                                                                        SHA-256:913AE5CB8D08C7280A995BDE388C22069949631F20A2B9AC5E086BD676E1CB55
                                                                                                                                                                                                        SHA-512:7E688EA98BD2A3EBB1F7054587D041D2B87E66B6DB53F7E4170669818E64D3D36779594432780177826A216F89DF106165448CD5CDEE1B420C54896E9A2F3065
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):389
                                                                                                                                                                                                        Entropy (8bit):4.731905128310357
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:UYZI36ofqq2NpJXRRdNpVBfHU/iKz6J7z:UYS9qDNrXZNaTzon
                                                                                                                                                                                                        MD5:5F8CB8F1EC254CD5617741E89BC7569A
                                                                                                                                                                                                        SHA1:818A4674AF8BC1713B37CE0A28EAFB14EE6CC29F
                                                                                                                                                                                                        SHA-256:3A3B2CD2FFB3C5554D4828EB695B00AD5E7D1B2EC99D2FD2D10C19BD01AA50D0
                                                                                                                                                                                                        SHA-512:A919EDF9765384F2FC4567F1F1DC34E10B63109EC6748E969BA8D50B86809909CB0F87846E9A6005477C32122D2B8DE4A7EFEB1F1CBABE09ED84B654E5BCB028
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "General": {.. "MinimizeUponConnection": false,.. "RunOnStartUp": false,.. "ShowTutortialUponConnection": true.. },.. "Conference": {.. "ConnectByomAutomatically": false,.. "UseInRoomMicrophoneAutomatically": false,.. "IsStreamingFhdVideo": true.. },.. "Test": {.. "IsEnableEchoCancelling": false.. },.. "Misc": {.. "IsShowOnNextDisconnect": true.. }..}
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1435
                                                                                                                                                                                                        Entropy (8bit):5.168514160976156
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:CBc6mGOPDSgJaX7Blu7BW7BFXli/3g/EuzU/OVdEisHROVyOpX:0VgQX7Blu7BW7BFXg3g/EhAXnx
                                                                                                                                                                                                        MD5:9A11812CD3236C4E308130B537534745
                                                                                                                                                                                                        SHA1:26C6225474A25FB9C644CF78D4A7CB87D1E04AA2
                                                                                                                                                                                                        SHA-256:7CBF8C34EBF0318B37AA0ED06FA51BBB07F1F8C2BF4C1B07CAFE733A5D6E58DB
                                                                                                                                                                                                        SHA-512:5BCB6FD583828941F95B267742A82CCA602ADABF36D775F850D50336296EB6144FA1E7BAF29E3A3D9ED043A6BD7A605B1E1650C8D2EBC60F253057293D42C512
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:@echo off....setlocal....set "DriverInfFile=vacscbkd.inf"..set "DeviceHwId=ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5"..set "DeviceInstId=Root\{aafa5613-1d56-4309-9c3a-c3911d766be5}\0000"....set Mode=....if /i "%1" == "install" set Mode=install..if /i "%1" == "remove" set Mode=remove....if "%Mode%" == "" (.... echo Parameter 1 must be "install" or "remove".. pause.. exit /b 1....)....if /i "%PROCESSOR_ARCHITECTURE%" == "x86" (.... set ProcDir=x86....) else if /i "%PROCESSOR_ARCHITECTURE%" == "AMD64" (.... set ProcDir=x64....) else (.... echo Unsupported architechture %PROCESSOR_ARCHITECTURE%.. pause.. exit /b 1....)....for /f "tokens=2 delims=[]" %%S in ('ver') do (.... for /f "tokens=2-5 delims=. " %%A in ("%%S") do (.... set /a Ver1=%%A.. set /a Ver2=%%B.. set /a Ver3=%%C.. rem set /a Ver4=%%D.... )....)....set InfFileSfx=....if %Ver1% LEQ 6 set InfFileSfx=6x....for %%F in ("%DriverInfFile%") do set DriverInfFile=%%~nF%InfFileSfx%%%~xF....if "%M
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11466
                                                                                                                                                                                                        Entropy (8bit):7.156043451841546
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:f+nOiAfy+mtbJCwOngEw9JPgXkhYCbYp80Hy5qnajWSu703oQ:2JvbrquLh3bYpslIA39
                                                                                                                                                                                                        MD5:5FAA07BCF94E9633F2AE5E688C7EA6A3
                                                                                                                                                                                                        SHA1:ACBD43137133162385D73970445ED89258EEC687
                                                                                                                                                                                                        SHA-256:F4E28994F1A986261BBAE5838F75E52642A5C70E50D28990E250769548B25D97
                                                                                                                                                                                                        SHA-512:1BD7E45A0B3611A8297D49F8D70A2D46ED07BDD5B003796F90D78B9A4FCE8BD14DD088DC7CADB8ED41F0C21DFA8D372AAB2A291D875262DD16B343A106C35424
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2927
                                                                                                                                                                                                        Entropy (8bit):5.065256670569242
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:fzlab2Qb2ncb25AMPHwuTHYH9ewl9P8uPtS+iSFEY0dPFi+8PBDx:LtNnhZSkFwPBt
                                                                                                                                                                                                        MD5:E5EDB842967CD25E6B490ED05764A2AD
                                                                                                                                                                                                        SHA1:F4EACF18194D422B203904A058FD21A6A456F2B8
                                                                                                                                                                                                        SHA-256:041B83489E80678F5571825B0D0F9BB310F51658C7ACA4AC068CBB07B5EE16FF
                                                                                                                                                                                                        SHA-512:B1AB11A0A10DC1985AD510A4D873181BB28ECEECF414A255A8E895FB3B2BA72A232C0B54F4A71F26CE33CDDEAEBC999B522808F7DFA6CF3ED2BA0B4534C53BC0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[Version]....Signature = "$WINDOWS NT$"..Class = MEDIA..Provider = %VendorName%..ClassGUID = {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 06/28/2021, 4.65.3.11864..CatalogFile = vacscbkd.cat........[Manufacturer]....%VendorName% = DevSection, NTx86, NTamd64........[DevSection.NTx86]....%DeviceName% = DevInst, %HardwareId%........[DevSection.NTamd64]....%DeviceName% = DevInst, %HardwareId%........[DevInst.NT]....Include = ks.inf, wdmaudio.inf..Needs = KS.Registration, WDMAUDIO.Registration..CopyFiles = DevInst.DriverModules..AddReg = DevInst.AddReg..AddProperty = DevInst.Properties........;#####################################################################..;..; Services..; ========..;..;#####################################################################........[DevInst.NT.Services]....AddService = %ServiceId%, 0x2, SrvInstSection........[SrvInstSection]....DisplayName = %ServiceName%..ServiceType = %SERVICE_KERNEL_DRIVER%..StartType = %SERVICE_DEMAND_START%..ErrorControl = %
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12070
                                                                                                                                                                                                        Entropy (8bit):7.445862467348569
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:Ctm9UMQVMeKazCKVHGzex+0bUVEVFJ84kcGNq4/C+Q3ISVSWMZMQ3Gr:CNMQJK2CKVjd4VEVFJ8ZcGwGBk7/UMQC
                                                                                                                                                                                                        MD5:D9A4012E567137C10A49105EEB869A7C
                                                                                                                                                                                                        SHA1:C04F6D600714465CC8BB341B76DC6B54235DF1AF
                                                                                                                                                                                                        SHA-256:BCA872DAC035899B85BF2603EFCC3B991273BD318958669B288481558BBF639E
                                                                                                                                                                                                        SHA-512:FBAADB1F872EB6829A07A593C5BDE7E5EC92EDE1E5BEC1BE560E3A3A81766E7BF0401CDF1761DF927705FF2414438CD8948767D7B73AC5A9B817361611351D11
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2929
                                                                                                                                                                                                        Entropy (8bit):5.067041406210606
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:fzlob2Qb2ncb25AMPHwuTHYH9ewl9P8uPtS+iSFEY0dPFi+8PBDx:LzNnhZSkFwPBt
                                                                                                                                                                                                        MD5:6212516D36440F07C9243B71676D20FE
                                                                                                                                                                                                        SHA1:70AF4C343A34E12EF0BB27578986B47CB2244886
                                                                                                                                                                                                        SHA-256:74B1946B6D24BB98433C0ED840E96A0D2E6256EDC77F6F5ED8F1A32AB4F2B923
                                                                                                                                                                                                        SHA-512:AF1C53DF4B53F7E5E0B980EB03C4FE2E03DB75413C92AA09369BA66CE3BB2586241259119E8CF2E0BFFCC8CDD7DDA8DE00979DBA6EFE040115DB943C68B752CE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[Version]....Signature = "$WINDOWS NT$"..Class = MEDIA..Provider = %VendorName%..ClassGUID = {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 06/28/2021, 4.65.3.11864..CatalogFile = vacscbkd6x.cat........[Manufacturer]....%VendorName% = DevSection, NTx86, NTamd64........[DevSection.NTx86]....%DeviceName% = DevInst, %HardwareId%........[DevSection.NTamd64]....%DeviceName% = DevInst, %HardwareId%........[DevInst.NT]....Include = ks.inf, wdmaudio.inf..Needs = KS.Registration, WDMAUDIO.Registration..CopyFiles = DevInst.DriverModules..AddReg = DevInst.AddReg..AddProperty = DevInst.Properties........;#####################################################################..;..; Services..; ========..;..;#####################################################################........[DevInst.NT.Services]....AddService = %ServiceId%, 0x2, SrvInstSection........[SrvInstSection]....DisplayName = %ServiceName%..ServiceType = %SERVICE_KERNEL_DRIVER%..StartType = %SERVICE_DEMAND_START%..ErrorControl =
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):159256
                                                                                                                                                                                                        Entropy (8bit):5.095731794917183
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:q3e0hSHF6Kh0CDfaWEfp7lmpIitRlPxJCTO:0h1C0XWEf1lmBx
                                                                                                                                                                                                        MD5:C739572A81F02471F60598D5439B36C8
                                                                                                                                                                                                        SHA1:527CA671114B9DAFAD2888E251DDA19447E7FD48
                                                                                                                                                                                                        SHA-256:AE745B0D02A48D4AE286C962C7431CDA85996C920649B4F7DEB6EE0DAE94298A
                                                                                                                                                                                                        SHA-512:C27442140CA63CB43AF991E47F2CFB5FCDBB5738340BEFBEBF96FB8B5B4D1E13E26D4A3A0102A5C40D9EA5D3BFC728AC3F4198BED5592BC7746119C7DEC6DDBF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):210968
                                                                                                                                                                                                        Entropy (8bit):5.616528067156737
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:bwgplQDijxOrw3gPBA4nJPuneHoTx8ddqy6u7dGxYs7iBz:RpODMOMUnInD+CtusSz
                                                                                                                                                                                                        MD5:963E174D5F1AC1E4773D3B42D92DD4B4
                                                                                                                                                                                                        SHA1:A6A045AEF56C670C3B5E6801C69B93E9EAF13B69
                                                                                                                                                                                                        SHA-256:9093C10A10F1019BB24506C417AE178CFE81BF890337DF753A7ADB2B24DD74D0
                                                                                                                                                                                                        SHA-512:39B7D6CF123032B593C1B3AA6A88E5B3C4301EA1135D96F21F66DDE964DD5D72D5C44F0C91C5378B32851B53D70A27C79F45A5D8834EB1EFB4ADC863CD012A11
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):143896
                                                                                                                                                                                                        Entropy (8bit):5.183132927402597
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:8oVk8cejy3zGDq9CwW5t1pNwLxZHCIdVO:I8+DQZwLxFC
                                                                                                                                                                                                        MD5:CA8DC992F8F4EEEAB22E518C11993C93
                                                                                                                                                                                                        SHA1:BADEAC70BCC6AAE812EFE2D5C21FD7A2DA1710EC
                                                                                                                                                                                                        SHA-256:E8720BB51C825626C5F3CB184123A8F2CBA2B27408AC7E3624501A42EA18EA98
                                                                                                                                                                                                        SHA-512:80BE89F148753B29ADF5D5AE9D122CF9953192E4C84CC6A9471CD312E1C6A8B3759156FB602843AF15672BE596F24A133DC19B15893DD3C08A64E7BAD32014B9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):178192
                                                                                                                                                                                                        Entropy (8bit):5.70956700996967
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:221LC++3tKrQesPZVJe2H5u3bJWllFYoDSo2R/UHKnVwmo3m:H+MrQeOwJQFyo6UHKnVO3m
                                                                                                                                                                                                        MD5:72408521FCA0A5A39FC102C5AC66E362
                                                                                                                                                                                                        SHA1:B4BD8388DAC3E7970B2BF2E9F305E8802CB81856
                                                                                                                                                                                                        SHA-256:4FE88E24FA50D5870BCBAB4DBE70ADA6B280682FA17DAB008610465DDA4D58E7
                                                                                                                                                                                                        SHA-512:A6FC2BC20A3E8DF7BB31A6D3CBC0CEE4869E9179DCC5D78600C2893F24C5936226F4AAE863FBC3A83537B4C69BA1A26BDFB1239D365C741C9E59B4C1EF911536
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):31144
                                                                                                                                                                                                        Entropy (8bit):6.45005930112513
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:0mnmSRBRQWj2jdkYpCMmzydjmNsc2pSTVEV3GPkj3UZ:HB7QKFGjmNsLITOEMK
                                                                                                                                                                                                        MD5:5F85D1A6148263FA5B0F68368840E644
                                                                                                                                                                                                        SHA1:890EF23C2592441AEEE5E54EDA628E25215F67B6
                                                                                                                                                                                                        SHA-256:E7DACEF5ECC8289199FFFCFB6859EA6BC308C602DAA24684BCB3D6D9FDF9919C
                                                                                                                                                                                                        SHA-512:7E491C0CC3EC1682D41BFB76C4FC10473F1D9F800BA7519C1DD1AFD8186DDD845ECCDE87F170A545A27D80AF4BA6AA2FA8FBD07D34256D2D7E54696CCA8BD091
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28584
                                                                                                                                                                                                        Entropy (8bit):6.610450236402353
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:+CgU5TxIr4qwCedA/u2EnHvs1vJMQJK2CKV48VEVFJ8ZcGwGBk7/UMQ3W:+QFI0qwCedB/HvsA2pxVEV3GPkjf
                                                                                                                                                                                                        MD5:10992B9F2436DE3DDF8B2E0AFD1040A0
                                                                                                                                                                                                        SHA1:C9EFA7BADB2B1ABEB84586F47512F1649D8E8CF0
                                                                                                                                                                                                        SHA-256:C5F1F14908488AA50D0584B1432386A838AA94117B7E16C1545FB158B1425522
                                                                                                                                                                                                        SHA-512:18F9EE23094D2356ED0736D2DA05CA6B2D6C8F1E562194A6431A4453456A0C4C7A0E6A9A09786C9ED8F44144BAC2BDDDD908F087F174B4054FCE1F1B916CE5E3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):96092
                                                                                                                                                                                                        Entropy (8bit):5.125892289083072
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:qsgbCfsZDFVc0P8ad2o1x3osI1vNjlvcwAZ3V2mN6y+DR7I7QQoNXtBxXYco9XFm:qs+ZD/yIIAZwrbE0
                                                                                                                                                                                                        MD5:3A84C8EADA945F4F7F041BC4BCD49F11
                                                                                                                                                                                                        SHA1:F50F5FA1589371F29C4B195EFCB82D2DC2DFE18B
                                                                                                                                                                                                        SHA-256:B83EE69EEA4EF9D0DB9E1A5214BFEF7295776BB1B6E007ECC021BAFF401032DF
                                                                                                                                                                                                        SHA-512:C1C7F5B176CCB574B2C67F8ABA63ABC7212ED592C35C45603AAEC6761176AF129691C9467A1DF8D86EEAFEF650335CC997686A024901BFFCA001CC7A2C186E57
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):18712
                                                                                                                                                                                                        Entropy (8bit):6.763927590310724
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:WTrw7JCe+uOEGK4nghz4lIYiQ3YxrUAM+o/8E9VF0NySST:U8FH+OJYiQtAMxkExT
                                                                                                                                                                                                        MD5:2BB7BB9C7AE34B04D17B640B155435C4
                                                                                                                                                                                                        SHA1:2A4E6914897368D43969DBC56E011BC838295299
                                                                                                                                                                                                        SHA-256:6935FC9F4DA82D0A4C055E6FB658243F2BD172392FBB987E450A62F52C54058F
                                                                                                                                                                                                        SHA-512:3A1609F24B98AE9C8A47B414107D8D4E489BA70AFF717D9C8305C080263C91527696E7845560FD7A0D056B86A61720017E86038B86B446BDF6ED2DA4ECF995CF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.852720305698483
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:0N9VWhX3WBIYiQ3Xn5AM+o/8E9VF0NyJqR:YG7YiQn5AMxkE
                                                                                                                                                                                                        MD5:D9B35311DF479CAA8AA1F38F4F31AB4A
                                                                                                                                                                                                        SHA1:F033AD08AF638B47146B1B8428CA9043E4189394
                                                                                                                                                                                                        SHA-256:25036A2ADEC604629F1BE7B48B91C5BB86EC62747992B056FC00F697D666CF43
                                                                                                                                                                                                        SHA-512:CB3DD9D2043A62584112EC6DDF73D55C1BED838A69ADFF3161EE0A2D4B48007DFCE7559965190A961C0CC28B6EA142DB5DB4BE847DC121239B92B8B8979F0A3E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1470
                                                                                                                                                                                                        Entropy (8bit):4.90143896769124
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:JdNQjY88lsfEoKaQe1W04pyaMMW04FzMSMpbP3KabFx2ldnD2cc/Or:3b8ewngpXMzFzMSMdvClJ7r
                                                                                                                                                                                                        MD5:0ECA7C05DCB6880312350E079D1CDA3E
                                                                                                                                                                                                        SHA1:EFFC35AB59077DC1885443C5BB1FDE798CBBBEAC
                                                                                                                                                                                                        SHA-256:497C6FD5714049D34FDA34066F2B877D5CA5EBEEC2CE956821055BEF29187C47
                                                                                                                                                                                                        SHA-512:1E21B44F85DD65EEB273BA2DB2C2827F87D99B588293ECA5493D4647ECE0C1A968E0CAF2DECD289C32CB068458A7F95F125B4CF687EDA31AB84B568B4AED6E11
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8" ?>..<nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. globalThreshold="On".. autoReload="true".. throwExceptions="false">.... <variable name="appName" value="ScreenBeam Conference Service" />.... <targets async="true">.. <target xsi:type="File".. name="default".. layout="${longdate} - ${level:uppercase=true}: ${message}${onexception:${newline}EXCEPTION\: ${exception:format=ToString}}".. fileName="${specialfolder:LocalApplicationData}\${appName}\Logs\${appName}_${shortdate}.log".. keepFileOpen="false".. archiveFileName="${specialfolder:LocalApplicationData}\${appName}\Logs\${appName}_${shortdate}.{##}.log".. archiveNumbering="Sequence".. archiveEvery="Day".. maxArchiveFiles="30".. />.... <target name="debugger".. xsi:type="Debugger"..
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):877336
                                                                                                                                                                                                        Entropy (8bit):6.063763326515151
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:o9RFbNhtvN5FtwfJH1h1S3sg6U/qxurzEZWgb4s6swKbUsQD:o9RFbNhtvN5FtwfHHUwRL96sw6UsQD
                                                                                                                                                                                                        MD5:8DDE3F8335ED6EF60A81116DF82FD43E
                                                                                                                                                                                                        SHA1:3D763DD2D89CEB76294149691B3D939ADBDFE900
                                                                                                                                                                                                        SHA-256:7B47C5C2F17BCC5CE6CD06A2C506BA4DB6B4BDAF71D9196AAB19B2AD2171DC7E
                                                                                                                                                                                                        SHA-512:7AE5602D9E7B5D76F978E6ADFA38D4F0AAE348309A326141633FE349DD7C76FDF86284360AFBDBF68A8215BAF7338268AA191DC090DCA16238E89EBEEB990276
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (385), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1645140
                                                                                                                                                                                                        Entropy (8bit):4.575621274286417
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:3bDXjSkpsv6ZrgFFG3WeA32lxC78ZaRIHp8TEKcQonqDhIrMBc+6z+beKX:PJe5eyEKT
                                                                                                                                                                                                        MD5:33F4C5EAE89E721F97931787B2CC53ED
                                                                                                                                                                                                        SHA1:A94DF5F3B256C2871D75443777A2EF13F5442D73
                                                                                                                                                                                                        SHA-256:5F67CA9E5B26279BF3E52F4DDDCE531E819633163A82E6811FFCE1725369963F
                                                                                                                                                                                                        SHA-512:CAC58C2E0BB42029F40E4DC16ED8EA02C54B686370D15F75A24894FE82DA61041B61B01A5312974D1BDFAE58FEDD1B452FDBA4DFE2970CACF8D5753BB4F42556
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>NLog</name>.. </assembly>.. <members>.. <member name="T:JetBrains.Annotations.CanBeNullAttribute">.. <summary>.. Indicates that the value of the marked element could be <c>null</c> sometimes,.. so the check for <c>null</c> is necessary before its usage... </summary>.. <example><code>.. [CanBeNull] object Test() => null;.. .. void UseTest() {.. var p = Test();.. var s = p.ToString(); // Warning: Possible 'System.NullReferenceException'.. }.. </code></example>.. </member>.. <member name="T:JetBrains.Annotations.NotNullAttribute">.. <summary>.. Indicates that the value of the marked element could never be <c>null</c>... </summary>.. <example><code>.. [NotNull] object Foo() {.. return null; // Warning: P
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):55064
                                                                                                                                                                                                        Entropy (8bit):6.490110552698265
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:DKrpaZ6u4qDPfGh8sDv/QmbPsFaoDYgI7Qlx:DKrpaZd4qDPfG3DQmPhoDYgIM
                                                                                                                                                                                                        MD5:96C4EABB0E30391A65763F66415354F2
                                                                                                                                                                                                        SHA1:45C2A3B4042328A9401EC95F0A96F113959A9CDB
                                                                                                                                                                                                        SHA-256:BF4444BFB6E201D2EB315F5EAAAC617041127366EF1FBD7D20E153620225B267
                                                                                                                                                                                                        SHA-512:071EE7D079AC0FA5D3ACADC53FC82BF433FFFA592BB6514B8E7C34AF18C9B69E20A00E26DF4632955AE1CE5BCE42974DB63E5173CB2CD8CA452100F10BAD5562
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MSVC program database ver 7.00, 512*75 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):38400
                                                                                                                                                                                                        Entropy (8bit):3.097681309335531
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:CwFyFr8sKK8PuuN/qtMfrdAU8sKH8Pu1dL:CwFyFr8sKpPua/xdR8sKcPu1d
                                                                                                                                                                                                        MD5:EE633CA4D9B35855BBE69FE010669F1D
                                                                                                                                                                                                        SHA1:174460DC05E7272F4D7EED7457067849E60DB4F4
                                                                                                                                                                                                        SHA-256:F3F3104207128C7DC15F0CFD00A3F7A0E4DCE8C3F3AF49EC34D8B4797CEE9E4C
                                                                                                                                                                                                        SHA-512:9EAEF0A16F144CEC11B0BDE9297C6BE994A4E2BC9CF5C266B913E5F21CE613B2B1034E7C29001B84971B42B3CE2B316288534625898CF36ED3E3F9E975010FEA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):68376
                                                                                                                                                                                                        Entropy (8bit):6.406572056711903
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:8n7FkdvcVdZFwr/hzj446efotiQhl62fvHFM77Fs7lvx2yr27Q2Wbx:ZkGcCfbQhY2H0C7lvxp2M
                                                                                                                                                                                                        MD5:1F336B4C38C3F5F2A9049BEBC2FFD41F
                                                                                                                                                                                                        SHA1:05BF5D1C9C7B551572D0C679DA5C5CEC42FCEBB1
                                                                                                                                                                                                        SHA-256:23E0FC608637D1C493381DA16632034D21C70F88F1FD70EBED98E79F6835D6E4
                                                                                                                                                                                                        SHA-512:7D8D729A4899AD34B8A74B746C3AB03C464B3C03D84F812A2CAC8008D737A0C50A92808830935FC55B9839B40848ED11357C2FA8D5121CD86EBBBB49CCD8A5EE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20025
                                                                                                                                                                                                        Entropy (8bit):4.982975960150322
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:hr4ojlKyuWEH+3HGReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhubUfSL:hr4oB53mPUDCTHffI3
                                                                                                                                                                                                        MD5:51761DEEA245E324DC8A3BD88B37C929
                                                                                                                                                                                                        SHA1:70BEB9E6155395D90A96366BE1BA4B3FF49562A5
                                                                                                                                                                                                        SHA-256:5B1A1ED1F20C95E0C5AE12DECAD909256F1247285290848F95D4425D4ACA317D
                                                                                                                                                                                                        SHA-512:5F1EF64B9D8935DDB838AE9EC0A2CB6C5908B21A395135621DD7D0E82F02C6B6D0830F46B5073F92A6C59B67B0F3BCBE580405D00D21EC804D879BF79BBECFBA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <system.serviceModel>.. <services>.. <service name="SBConference.Service.Service">.. <endpoint address="Service" binding="netTcpBinding" contract="SBConference.Common.IService" />.. <host>.. <baseAddresses>.. <add baseAddress="net.tcp://localhost:16669" />.. </baseAddresses>.. </host>.. </service>.. </services>.. <behaviors>.. <serviceBehaviors>.. <behavior>.. This should be false in production systems -->.. <serviceDebug includeExceptionDetailInFaults="true" />.. </behavior>.. </serviceBehaviors>.. </behaviors>.. <diagnostics>.. <messageLogging logEntireMessage="true".. logMessagesAtTransportLevel="true" />.. </diagnostics>-->.. </system.serviceModel>.. <system.diagnost
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MSVC program database ver 7.00, 512*131 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):67072
                                                                                                                                                                                                        Entropy (8bit):3.486225836795622
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:ZpUCU7Rgu4iTcKPzBC6Jr+0ZOpj2oFcRgu4iTcK4cDF:kV7l+QOt2oFJiF
                                                                                                                                                                                                        MD5:C547D45434E0F8F9112DBBDDAB020B38
                                                                                                                                                                                                        SHA1:74681395C632E69B66DF2CFF0CD0B0828E936C09
                                                                                                                                                                                                        SHA-256:6DAEF5CEBC27EA9779CB58250B4D5B36BAC74C04062E52B1638429D301DE2512
                                                                                                                                                                                                        SHA-512:16F65DEE05733C3462B0D0A48F9C3A9E087A37189BE5E207F7C59826B36974CE873342F37721C711D3785A50C813DF3A664A4278B72213A6FEF5FE1D412F7F1E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.8181372267055975
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:MDNxWQFWAIYiQ3VArAM+o/8E9VF0NyzkT:MDNVSYiQGrAMxkE6T
                                                                                                                                                                                                        MD5:1A1DCE27807D519F878874074CCC3ECA
                                                                                                                                                                                                        SHA1:1A6471253668A71EFB78B804B161A26EAB1B7B55
                                                                                                                                                                                                        SHA-256:8A453AC62FA7FF2625E2C8B91B1AFCEB27908AF84DEA1FBF0E416B92A4BC298F
                                                                                                                                                                                                        SHA-512:0780370F38590A11447A19D7F89923A9A1E9BE310E2B83237588CD27BD2D2EF9E147B9A55D91A4E2947E579C6F9201286E8E8FE1C36A968B2670EE4261BBEEBD
                                                                                                                                                                                                        Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):15640
Entropy (8bit):6.915895135077201
Encrypted:false
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):15640
Entropy (8bit):6.906747169924331
Encrypted:false
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):15640
Entropy (8bit):6.9106455036425
Encrypted:false
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):16152
Entropy (8bit):6.770721483962757
Encrypted:false
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):16152
Entropy (8bit):6.823385420005505
Encrypted:false
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):16152
Entropy (8bit):6.868970846955799
Encrypted:false
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):17176
Entropy (8bit):6.8009368439614954
Encrypted:false
Malicious:false
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):15640
Entropy (8bit):6.8596506459743996
Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.855106039554965
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:dRbzriaXT+WlEWbIYiQ3wAZ9HAM+o/8E9VF0NyDnq3:f7iciYiQlHHAMxkE5Q
                                                                                                                                                                                                        MD5:8B2C2014CD400BDFAC5A9021E32766C6
                                                                                                                                                                                                        SHA1:C105615820015D13068E77249077ECD5D9C3767E
                                                                                                                                                                                                        SHA-256:432A799715EAF79EEB08874D85E852D5540811D7C239564849DEA8D2DEFDB996
                                                                                                                                                                                                        SHA-512:B1A3CE6036C922E5381CEDD316E6137054A34007E5090617C094837F575756F52FEF617C97B363ACF6D8618D80FFC7E96987FDB589F71AF7DAB842B12B159609
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):148760
                                                                                                                                                                                                        Entropy (8bit):5.42385291947334
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:CdYO+3m9R6e1x03BZ6bDSzZ8B0uAP+SM:I+2jv1x0ebezWiu
                                                                                                                                                                                                        MD5:8BA74A188D851D4D58CD45D0143E4C45
                                                                                                                                                                                                        SHA1:1F51BF3DEF08848970268081D9265B1E9067D192
                                                                                                                                                                                                        SHA-256:1A51FC399C56E074A92C9C75835E8C60F4B0A88565B9AC8352AB117870130D1D
                                                                                                                                                                                                        SHA-512:AE614F030414D2FD4CF64BF96D9BD4A28EB5219AA0A69DFFC3443FC9B1E9F41DEBFBE16FE5AA54D30AE3D16EDCE8F06E5F712826B24FF8EBD3350F64A4EC4F95
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.826224446231502
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:iRtRWjYWCIYiQ3baDAM+o/8E9VF0Ny2cn:EidYiQ2DAMxkEB
                                                                                                                                                                                                        MD5:6FC486D5EA4D271F344FE901145F195A
                                                                                                                                                                                                        SHA1:9713EAB99273693E87D7B5349396B08023C8AC9C
                                                                                                                                                                                                        SHA-256:2957C5CF481AFDCA430B038DFB98FB15D9DAD808092A7312B1ADC999BDC8F335
                                                                                                                                                                                                        SHA-512:A033905CC9FF1E3C2AE70FF790CC30D52E369713A3F0E748999E6B30205D43FABF11C9BF9B448BC54A93923792AA4B75A376DEBA25614B4E5ACE1BF6435DF71E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.899051769056459
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:xFxrIFWnoW5cIYiYF8uegv7cER+zKUA5K+o/y2sE9jBF0NyDRadS:ZeWnoWGIYiQ3qeUAM+o/8E9VF0NyQI
                                                                                                                                                                                                        MD5:A49A59DD28D4C285D86CC8E87DF993F1
                                                                                                                                                                                                        SHA1:C37871414C5C0FD3D6B26D9045B1381095FF7934
                                                                                                                                                                                                        SHA-256:6DF0AF71BD6C58802CF9C91637F554D2998636F72D419860A319F07A76CA8331
                                                                                                                                                                                                        SHA-512:48E1A85ADF6A3FF39A0E9D9B2BD540C1C3796672E29C05B032CD3B1AC3805C835E91BDA2423CCEC9C62B4036A81D0FF675DCF974D3BD171469D04C9DB25525FF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.860992593527261
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:gxGxIZWJjW5l2IYiYF8uegv7cERWptl9A5K+o/y2sE9jBF0Ny7e6aS9:g6oWJjWX2IYiQ3ip9AM+o/8E9VF0Ny2o
                                                                                                                                                                                                        MD5:44C6AC06A9CAAC2C6882C98E30324976
                                                                                                                                                                                                        SHA1:8276BCBE905FD7D9E45C36094AA910C614E6C468
                                                                                                                                                                                                        SHA-256:6F6FD7E2D906F77D1D960E01EBC28F47A7F754A2942DECD89C74BFD383C9198C
                                                                                                                                                                                                        SHA-512:F72880A62F9203355668F46081D056C5448DEF3A3C8F8898336CC8C502DEF531506E2A8D3D27FF89A0275E9CC743E386E8A41FDA8B645FF4094761526D678AF2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.7871731133338535
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Oqk53/hW3fZ+zWmLIYiQ3+cj5avAM+o/8E9VF0Nysp1v:Oqk53M60YiQ79YAMxkEuh
                                                                                                                                                                                                        MD5:B9097A30121C6EB7F9E2AF3F696A219D
                                                                                                                                                                                                        SHA1:1887E290324250CECBA56BED616D8F43D2393B89
                                                                                                                                                                                                        SHA-256:F94F9A441111BDAF05BCC1F50AC0E7CA6ABE221DB21016C5A52A7CEFB57D672F
                                                                                                                                                                                                        SHA-512:57ABF4CC3977439B8E73523095CA28A9FD97FA63CBF7052AB30FEE3BC3352730726F1B061F499895A4CFEDEC7DF3027A07F0139FAA172F0E7F482F1D48AA86A7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):18200
                                                                                                                                                                                                        Entropy (8bit):6.674010779372766
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:hFCc4Y4OJWfOWqWWOWVIYiQ3/PqAM+o/8E9VF0Ny4QQ:TCcyCSYiQnqAMxkEI
                                                                                                                                                                                                        MD5:4600B3B79E794B1C262F710CB0EAECD5
                                                                                                                                                                                                        SHA1:05A445BFAAE50BE4E7D995BA4ADEED4AD3AB9688
                                                                                                                                                                                                        SHA-256:A637DD15AA7B34D8F2553F113308B0F08E00C074F1AE9825EAC2D6747F9DE41F
                                                                                                                                                                                                        SHA-512:A7961C363C5D2F802A3DC94C7D3C9DA8024EBA97C012760C77CB8C2BECA466D61005730B407C87FE065BF1E57A16C54C0C62C11A00C6D335CE4188818534771F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.881873288486167
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:5lTx93aWxMW5wIYiYF8uegv7cER8fKqYvOA5K+o/y2sE9jBF0Ny6aDm:ZAWxMWiIYiQ3ofHjAM+o/8E9VF0Nyt
                                                                                                                                                                                                        MD5:F67C2B4F19F8474FA868F8A998ED4BE7
                                                                                                                                                                                                        SHA1:9ECB9544F742A447B6B58690FC164645C4F0468C
                                                                                                                                                                                                        SHA-256:4B3A513505EB09DEFEC69D5E58FFAEE24E0F1126279D6AB9A121A65640FB316F
                                                                                                                                                                                                        SHA-512:B068043A5FAA907668F965583E0091A7F6232B5D6B72C982D52CF1728D2B486FEABEB814DE94576F3C7596A1163DB41C89BA561FD75F73B1D76DFB2C463A753E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.863601477314202
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:HAlcWHaWNIYiQ3D+uNwAM+o/8E9VF0NywCX4:k9uYiQazAMxkEFo
                                                                                                                                                                                                        MD5:E8BBBDD59E59CE9D492DD74F99B6342A
                                                                                                                                                                                                        SHA1:2D5375F30CEA7FD99AA055FB94113E19945084CC
                                                                                                                                                                                                        SHA-256:BFDA4DADC10E0A849D41B1F1B43238B6612238183FC1940940C80C2DCFF5621D
                                                                                                                                                                                                        SHA-512:5D7368602FBACA3FB097566FBC34A935B348E601B070102983F82E3ADC5F3BDB1474ECE861D7064943F6B0B9C97D362CA8C295FFD3EC194872E74BFF3391A544
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.790650504713329
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:dBIZnWlNWVIYiQ3lSLLAM+o/8E9VF0NykcL:XUytYiQYLAMxkEh
                                                                                                                                                                                                        MD5:87C97D580AC73911F9D881BDF46C4022
                                                                                                                                                                                                        SHA1:3E2538CA690F205DA2E8E995997A4521D604835A
                                                                                                                                                                                                        SHA-256:CF7B3DD29DEB3FCB159902F29C5BBA65189C12AE0DC54A7C54960A9A32E25F5F
                                                                                                                                                                                                        SHA-512:82E84E524CD28DE3778519124807E2E36175178AB8A01A71F9E3CBDEADA5A30EDE5C571B08FEED015B6A5339F1D7F80FAE9FB7C0DBCFD71CCE02A12C7CB546FE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):25880
                                                                                                                                                                                                        Entropy (8bit):6.507238852957929
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:wlQnCMi33333333kj8xe+5PTYM3zUy+CezHjzgKj0uRWOdWmWJdWZIYiQ3guAM+B:eQq33333333kX+TBi8lYiQHAMxkE
                                                                                                                                                                                                        MD5:9E050CFBB88E802A0C4AF830EA685E56
                                                                                                                                                                                                        SHA1:85ED18B0E36AFEF47A6BD743BA93B4D78BE76D4A
                                                                                                                                                                                                        SHA-256:7CC689DE71F9F4A4283FC9A25C388E59A2FA6081E14C1CD0231A3635F6F5A118
                                                                                                                                                                                                        SHA-512:4DB6A9CB4175666E7637476FBEC11ED178247BD46FC69AF38B98D5004938243598808E4FC7DDF861A869A918181619C16E020A87B0D04C0CB6CDF36FABDCAFC9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.8579364851651
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:q28YFlXulWY/WiIYiQ3lHeD0AM+o/8E9VF0NyLg7F:q0qOYiQV+D0AMxkEp
                                                                                                                                                                                                        MD5:97F75D1E3FA1B5F8E6EA45D8D0503FF7
                                                                                                                                                                                                        SHA1:C8DB90A7F4225EC855A2F07006A46E4146AA9E2A
                                                                                                                                                                                                        SHA-256:C1A9951946606B75CFC5F93F24539694E7E5247578503CE13713BAE87CA436C3
                                                                                                                                                                                                        SHA-512:F90467A4C0E353AA98E2B06BC647E92D6B17652ACF4D4A94A36DD369C8D5EB272F7783B1A3A4F4D7024749F8D09726010FBEE8CDD1669B0B2B665B29F1301943
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16664
                                                                                                                                                                                                        Entropy (8bit):6.740197460284294
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:puMLcdQ5MW9MWpIYiQ3fz7jGegcAM+o/8E9VF0NyTQYM:AOcSpIYiQvjqcAMxkECp
                                                                                                                                                                                                        MD5:132B512582A4BE6650E2776846DD9F46
                                                                                                                                                                                                        SHA1:C270AB1B5B1AAFBB59B44A6CF9177CFF8BF1F7AF
                                                                                                                                                                                                        SHA-256:30407BE5F69F0B2EC2B1335F05A51028B104A0604645638FD2DFCA546061143F
                                                                                                                                                                                                        SHA-512:094C636201C7F0F00E59C73A80D3FA4FFBDEDEDA4A4A204D4BF9D46809BF63D92295E2A2E93590C5851B8807B3BBF91BCBF15E45F1651F1ADB24AB27B56113C2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.824237069640048
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:iZ7RqXWDRqlRqj0RqFWGIYiQ3Ao8AM+o/8E9VF0Ny22:y9qKqjqjuq4YiQ38AMxkEj
                                                                                                                                                                                                        MD5:1B466730AC0D5FC3154F36ED6EDEA8C6
                                                                                                                                                                                                        SHA1:A814A98E02930F8607AAABA50ACCF56F15038B65
                                                                                                                                                                                                        SHA-256:76BE95862A6C2CB0ECF02F3E353F0451D52175DE45BB044AC8EBF4CC69179121
                                                                                                                                                                                                        SHA-512:56BC4A45F11EE44A1C0B9D974F02DAB0EB16BA18960EC2F5E64E1DCD3CCECF877BB605D030AD6B2F12AF980A08B7724354A81D4447E767A0EFBB561208BE1BCF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20248
                                                                                                                                                                                                        Entropy (8bit):6.636810892805951
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:NNBMbljRC+lgfS1RPWYR1Rw0R9WYRPWYRDRj0R9W3IYiQ3mpAM+o/8E9VF0NyWH:NvMhF2SzNzwu/NljuvYiQeAMxkE
                                                                                                                                                                                                        MD5:6FE57A0D28311407EC673FDF74292B52
                                                                                                                                                                                                        SHA1:B297E157AA6233D9C8A815CE0FA2BCDF996199F9
                                                                                                                                                                                                        SHA-256:821955C094E482808FDC2BF31DF76BA6467D2352CD1DD9C4506047CA6B58132B
                                                                                                                                                                                                        SHA-512:75FE4DF0E28E9446E29D1CB43EBAB56B1312FAE0CC5A4BF6621633A1D8A5BE14E39D6155A2FD09B78DEA811A3F3045DB0DBD094A559434A1706FFF8F944D06C2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.906255671226214
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:UZ4RLWdRfRJ0RZWOIYiQ3f0AM+o/8E9VF0Ny0AS1:UZK0pJusYiQsAMxkEbS
                                                                                                                                                                                                        MD5:9324D61CFB3F4FFAFB34F0939F2C4647
                                                                                                                                                                                                        SHA1:5355AE65F9AAC883803AAE52C9DD19AA3AE7CF78
                                                                                                                                                                                                        SHA-256:0F569BED08B58F8C9C88D7E6769D545F81DD55733C5E2FA8A2597AECC77922B5
                                                                                                                                                                                                        SHA-512:FB7544031A667677D13DC4376733203E466143845056B906C7CE2EDE48A6A683F83B7B59968EFFB5E18B92F138EAEC2C716777296F1393A2D1EC5221AEC1DA79
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.803212309684524
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:pYWsmWCIYiQ3WseIAM+o/8E9VF0NyaXfz:p2XYiQleIAMxkEgfz
                                                                                                                                                                                                        MD5:876200C570D6266B8C984902F6725509
                                                                                                                                                                                                        SHA1:70AC1C15E94AA8B011DDB8EB265AD25316A8081A
                                                                                                                                                                                                        SHA-256:3FD940492316F7603B4D50FA2B1210CB59CB1A6B499884E35090D13DAACD93B5
                                                                                                                                                                                                        SHA-512:9555734C33492B0C934FB3CC9C232CAA88AC508F12CB125AA7C72BE92E62C0E07588E5240338E053E65615A77F414CABEC85C989DB30AF9D2ACB9D944A456CC2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):105240
                                                                                                                                                                                                        Entropy (8bit):6.3860849704207965
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:pvc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXQ7QXx:lgk1tiLMYiDFvxqrWDWNoJXQM
                                                                                                                                                                                                        MD5:65ACA0E6B8B6F6D77023F1943E93451F
                                                                                                                                                                                                        SHA1:C2741DDBE182695DCE501BC7326533DEE45D0374
                                                                                                                                                                                                        SHA-256:67531BBCED35D5147946B072CB66E9C2CEB6008232075FB3A1C20DF2CD01B76F
                                                                                                                                                                                                        SHA-512:4BF40148AB9BC2AD6806B80E823EFDDF52B6BE2485A1B2C09CFA54D085E04BA7979056A090C8C0DA8F16AEB59286B54BC88142456D1C559EA2AD3C5ADDB96DD1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.863991088788483
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:GKcuz1W1cWdIYiQ31+pKAM+o/8E9VF0Nyzxar:iu8gYiQ3AMxkE7W
                                                                                                                                                                                                        MD5:38A903473CEECD9A6F9F44FB38D52685
                                                                                                                                                                                                        SHA1:F4B19877B9A6BB9704CC545CCCCF455AE762150F
                                                                                                                                                                                                        SHA-256:72EEFFA9CB16BD0BF961D348CC56DB39E7A7D2C8A45780411B625F2F7F636822
                                                                                                                                                                                                        SHA-512:E9FA00514E1E2B62FBB3B8EFF7B625F2F3E085ACE553A97FAA975E836F3975F57DED503AEB22C86BB47D57F3FB864153391758CD34D1EF799952D69440ADCAAB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.869552614184726
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:d+SWikWAIYiQ31R3AM+o/8E9VF0NypVEKXM:d+ePYiQDAMxkEZM
                                                                                                                                                                                                        MD5:F78542A53723C45E2CABF32807F6F18A
                                                                                                                                                                                                        SHA1:C94D60AB4B0E350792489E479BFE7AE8AF84295A
                                                                                                                                                                                                        SHA-256:727B9A556B43C687C0853BB4885492DE8B08475EDFCBB6AB3C57C91C0C39DF09
                                                                                                                                                                                                        SHA-512:07B93664DC6F539DBFB675C070085884D0114A5F9BA9F987B850400CCADC3987C251C11AD9AFB4E2DD810E369985A1C365D70E79C38506327B1E763EA4679F0F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.917847484860439
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:4AWzgWEJIYiQ3GMy5eAM+o/8E9VF0NyigyK:4tBYiQxyUAMxkECK
                                                                                                                                                                                                        MD5:A8E03B2B2DB2EACBF633BFFE3A5CBB95
                                                                                                                                                                                                        SHA1:B129695C862EA5D8ABB20222558AD9E72973F587
                                                                                                                                                                                                        SHA-256:D1B04FD6C194B6E10C0DE898C8D77F20A9E0404867A4D1A2EC28FF1FB0A0A410
                                                                                                                                                                                                        SHA-512:BF1555679D6646CBC45D24015282D7BC84AF9DE18017BAF9891B775921B66606D59509CA963074D3F284C89C27757D1A50A89A2B7C2C463BE8D28D07EAB1B5B7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.874632474082433
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:EBLRWbYWnIYiQ3UGodnAM+o/8E9VF0Nyu:EB2+YiQBUnAMxkE
                                                                                                                                                                                                        MD5:4E102BAF4F42A92B8C99A1C50B6FF1A3
                                                                                                                                                                                                        SHA1:5BA057E43718860C1F2BC3EACD6A20F55D50B5F4
                                                                                                                                                                                                        SHA-256:6987A172110950732FB9BA32F66A807A131EDAD67F3EB3CCAAD7AB2BD907682B
                                                                                                                                                                                                        SHA-512:62F76D56C971D7350696EEC388AC1309926B6CAA395EB02EAC0DB7C2C1F9B3CD26738AB55232735E7ECF409D958234A911090405377B8022574641A889718E41
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.8571197808213515
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:3ZxcMRW4/W5tAIYiYF8uegv7cER+e/A5K+o/y2sE9jBF0NyAa:zHW4/WXAIYiQ3Ce/AM+o/8E9VF0NyD
                                                                                                                                                                                                        MD5:59297CF9A5FD9E8411EBFEA73623EB82
                                                                                                                                                                                                        SHA1:6B678B827FA470B31623050656853965F865E40B
                                                                                                                                                                                                        SHA-256:5190EA3C0BDAAAD35DE2309E48BFEF63844FA54691F63721C5F79E24F5AA3E03
                                                                                                                                                                                                        SHA-512:171FF1F84353AA4D1DD311D05A8C97DFA22F7A005EC85459A692D1D5EC504F2B49549ED7E8E52D71BFFFC3A2464CEAA5C44FF05B6A70973C3DC565ED3A9B6CF0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.919570241054579
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:vvk7hWmCWJIYiQ3v5zAM+o/8E9VF0NyS2:vs7/yYiQRzAMxkEh
                                                                                                                                                                                                        MD5:06749E9551CCC31A0BFBB53D68C3F038
                                                                                                                                                                                                        SHA1:6C3F67D2D70728F4F5C0CE18D8E601C0231A2DFF
                                                                                                                                                                                                        SHA-256:49E75F024C074397C53DBF0167A590309BC5DC2B859C29C94681452138D285E6
                                                                                                                                                                                                        SHA-512:10CC45CF85E468D26A32EAF0AB89B4B2246B91E3A89F91F10551F73E18423485398243702DD163D5693741971902C93430E2CF18EF0770DB37A14466FF66B527
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.880702327205784
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:8UiW2xf+C/WCUW5JIYiYF8uegv7cERZFZFA5K+o/y2sE9jBF0NyZaiA:KGMWCUWvIYiQ3XTAM+o/8E9VF0NyEp
                                                                                                                                                                                                        MD5:717D0191A5268B8C13138809BC89616A
                                                                                                                                                                                                        SHA1:D9F746FAB9A261F4199419F04F5DF789AEFC23F1
                                                                                                                                                                                                        SHA-256:FB65D163A822CA3D7BB10807240B3D1D627BBF4DE15565F9F070733FD42B40FE
                                                                                                                                                                                                        SHA-512:8901B2044CE8B7A9E6BAEC082661A1EE9B1308CB7655359CB6A8EDDEF9F3FDF8C2E64268ECABFEB2F7A91B6A2E456A672E85F7381E4ACE5EB1C3F1E1FFBAE73D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.863332706665763
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:8BhwI7WSQWrIYiQ3a0AM+o/8E9VF0NyujE:8DwIByYiQXAMxkEkE
                                                                                                                                                                                                        MD5:915EC30D528032085F230CC560661522
                                                                                                                                                                                                        SHA1:980D744405A7C83680EEC9214D1AF31BCE36E63F
                                                                                                                                                                                                        SHA-256:A537FFE3A0AF78C95BEA65578BFBB42FF0FA194C573E911102C9F6DFA68B41B2
                                                                                                                                                                                                        SHA-512:142E5988C81CE7B486574BA799D2EDE16A02D25F1F6109ABD7AFE30D2DAFA78207396E9EB2B97B81B1F279612623F7D8EE60859510863CD0B6939B684A61926F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.880210671179282
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:rNc/vlxK6FW4lW5KIYiYF8uegv7cERyj+A5K+o/y2sE9jBF0Nymai:xyvPRW4lWgIYiQ3e6AM+o/8E9VF0Nyh
                                                                                                                                                                                                        MD5:37551A80CBA83DF2909831ACD08F3E56
                                                                                                                                                                                                        SHA1:52D20A449A27BB651C293830D143B4550B9BA324
                                                                                                                                                                                                        SHA-256:8EF3C3D8EDD19183056B2E36E45917C7B666968AC4991BF177AD68D5FE28D985
                                                                                                                                                                                                        SHA-512:8234ADE569DD58EC5D908BEBC9A488B9DB91FEDB912BCDFE19E2125359899787F1A2318C3E970F5E786D3211F19308F9178D9038B56E7AA5006CB295C8823A7B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16664
                                                                                                                                                                                                        Entropy (8bit):6.832544481197567
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:Snhp+J2sx/5W6eW5JIYiYF8uegv7cERFQuV9A5K+o/y2sE9jBF0Nyfa:06RW6eWnIYiQ3RQMAM+o/8E9VF0Nyi
                                                                                                                                                                                                        MD5:102E07AAD83809C7EF0A1788FA57B2A9
                                                                                                                                                                                                        SHA1:FC664FDE0D335E140CA2F219E0A380B3A5FDE174
                                                                                                                                                                                                        SHA-256:A5727036ADCA5B36E0AEFBC21AC1D047CA5E2338A8BAABBE6713B87680E857C0
                                                                                                                                                                                                        SHA-512:13AE312BD7ED55FFD51C9CFFE1F21A85FC04B1266894FAF3CF9C5098AC6388E5C5A41A5E875585995F8EF90242C7E0FE3B7D9DAFD27C3F58729FD6AFAEB71340
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.8659933169603375
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:YSUP9W70WVIYiQ3RrgxAM+o/8E9VF0Nyikp:dUegYiQZgxAMxkET
                                                                                                                                                                                                        MD5:DE7B707849C16BF35BE4499AD042063B
                                                                                                                                                                                                        SHA1:84298E1077CBEEDAA34AB85DF106C61B7BE86D17
                                                                                                                                                                                                        SHA-256:C1D4B47B56D9D1C56BC930BE0F7DD96C8D506EF11F4AC35ED45F16D74538029A
                                                                                                                                                                                                        SHA-512:FBEC3CC392F266440F9DE41CE16F04E5930CECA4A8652345CB9B65F3BB93F862043D21365BAC08E5AF6E9C91CD83062B85BCB6493165D36375CF5789F6DFE951
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.860212128735241
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:v8yg07W0/WzIYiQ3HBZAM+o/8E9VF0NyVArlm:vBHBYiQRZAMxkEg
                                                                                                                                                                                                        MD5:75AE7CD3768A46730C76DDDFA9CCB465
                                                                                                                                                                                                        SHA1:ADD8F78E2AC4E4620C52B03107EB907B3D3367EB
                                                                                                                                                                                                        SHA-256:4BC6DBE89E68C2C44048395476618B0AD607B8855F1387018E019B2AEB908456
                                                                                                                                                                                                        SHA-512:75BC4210C15E8F78AB4899DCF8C053FBE58E32E15B0D652076C67608D5800CF312EB52BB810AF1992473649C23789E71E948654FF5C04443F0A67E1AE1ABD71F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.824441116064131
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Ne1WmRW/IYiQ33MpZ4AM+o/8E9VF0NypZ+8:NejTYiQspWAMxkEJ+8
                                                                                                                                                                                                        MD5:4D81F121548BBBF25409914DCE4CE03B
                                                                                                                                                                                                        SHA1:F44533EF2046AB6F86F00765959D6CFD8401675A
                                                                                                                                                                                                        SHA-256:44317ADA70254B3D0C0309C1BD86F6DAF37C73569490536DAA9F5C156B9FEB3B
                                                                                                                                                                                                        SHA-512:A44C49EFDFC8448FCB2B72593C69D6840A83971229D9398304D13E422B7D6E06B55EA2EC055EE4D9886E986E5023E8AB64A4F986C79AE9AC582DF85A979305D4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):192792
                                                                                                                                                                                                        Entropy (8bit):6.117612004400088
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:TeruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSghM:uW60VcTvakcXcApO
                                                                                                                                                                                                        MD5:FDAFB488FD6DF8CD1D0231004B57DC46
                                                                                                                                                                                                        SHA1:5BB11C37014BD09603F9E4D1040D2FB130C89E85
                                                                                                                                                                                                        SHA-256:F424CE2A87B44C09B64891339ECDEB1DDF0664B341133D177BEA7A0F18857533
                                                                                                                                                                                                        SHA-512:4AB956D3BD1AED8C7466D37492CBE8E16DBB6EA91D131D2FD996B5D56B6583A17343E8E8EF648B3AD788B459B455D095A4A62F34F99D040D2994C19CB8F9BDF5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.847498848337345
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:MZsxgyrWYLW552IYiYF8uegv7cER3GaDA5K+o/y2sE9jBF0Ny4abnyxmJ:C6ZWYLWaIYiQ3j7AM+o/8E9VF0NyLjy
                                                                                                                                                                                                        MD5:CD8CBA219E9C3A8E4019F1F1CE6589E5
                                                                                                                                                                                                        SHA1:9B92BAC1C9AE24CB548204B622D4E8E8A4E21845
                                                                                                                                                                                                        SHA-256:96C305EA6C0625FECD79BEE4255F9D28091766616F45C80B60D85B6AECADE995
                                                                                                                                                                                                        SHA-512:AC4F330D408E6D4455406BABEAE4800BBAB761C90EEF5AEE9EC81BDC1884C19C30DBD611C00407CBA70EAF860CF44BDA6F7E77AD5251E2C4BA53A88609687962
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16664
                                                                                                                                                                                                        Entropy (8bit):6.802500272125165
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:+1W1WMQWlIYiQ3ln/UAM+o/8E9VF0Nyk:91cYiQVsAMxkE
                                                                                                                                                                                                        MD5:442409F23D4C34BACF439370FBE90C17
                                                                                                                                                                                                        SHA1:696717AE91553FCA366752ED504C371E5F9ABABE
                                                                                                                                                                                                        SHA-256:B508DB1E6F2A6712E005B6DFEE55FA5C72A86A314AC0167ACC3CD99311B0B720
                                                                                                                                                                                                        SHA-512:921893BF51B5036CF42D3E1F0AFFBCBED0B5727176D6E89F5C6D89805C80551F4A3C63FBEA08A651BA988FAE21625CBD2E2F029BA9C32F767E892541F747637F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.839752638272101
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:jQ/rx72WSKW5XIYiYF8uegv7cERZIGA5K+o/y2sE9jBF0NyRadJy:MdSWSKWZIYiQ3NIGAM+o/8E9VF0NyMS
                                                                                                                                                                                                        MD5:68FA73680CB1E48FFEC95D2B8332FD8A
                                                                                                                                                                                                        SHA1:5FFA211B721B2B5D41F91E38A22C78FDBE2BD076
                                                                                                                                                                                                        SHA-256:CBC02A78DEC15F9554BEA3A2F89888A4B8101EF087E0874D0189A23BE31840A0
                                                                                                                                                                                                        SHA-512:D33F4591A8DBA10F24B7C784D126E0904A5A246DBE17DE463B8EFDD56B54C77D41CA3A40FA936A29D3CB877CA0A0CDF6C65F0A617E750297D400D5FF07AAED63
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16664
                                                                                                                                                                                                        Entropy (8bit):6.756182397719121
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:fJEYA2WkIWWIYiQ3i34tAM+o/8E9VF0Ny05:fyYA8lYiQW4tAMxkE
                                                                                                                                                                                                        MD5:0C1917BBD9C6A474A4B58E25313A6C58
                                                                                                                                                                                                        SHA1:63DD3E38514437D04CCA206BDB0A8CD586ED4681
                                                                                                                                                                                                        SHA-256:4AA518E62109E16B77BAEFC767CF24993D6BBB063C4B9CC4D75EBED8E796E740
                                                                                                                                                                                                        SHA-512:FFD55A537379ADE106110B4477E8609D57C573BFF03A12C2A62A7DCA7C31237A3042DA771614B29DDC01A01739F52B13ACAFB20277A529D66ACF3A02E3804B1E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.882655819453741
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ol0qgopJ5xBcWe4W5SIYiYF8uegv7cERQcsA5K+o/y2sE9jBF0NyiasKz:gJGWe4W8IYiQ3UtAM+o/8E9VF0Nyln
                                                                                                                                                                                                        MD5:5E7252E712EA9D260110592B7F6C48A6
                                                                                                                                                                                                        SHA1:7F9E77F7332DC0BA356116E84D6B15EBD25F1832
                                                                                                                                                                                                        SHA-256:EE4DD236E95A1C182B9FE7AD5A9168BB3CC4C5E1AB99FCF35D479C38ED7AAE67
                                                                                                                                                                                                        SHA-512:3EED4F316E7E35D21B3582A4F1751E4CD2E38461F052D155BE09FDC48785182C2888E25DFE4635D8BF662F4375BBC6F1EB856D6A4BA8F8E824BBE8B30D8AC011
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.79719510195661
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:VdW1w3WesWpIYiQ31nAM+o/8E9VF0Ny3ne:C1wxsYiQtAMxkEte
                                                                                                                                                                                                        MD5:73F559AFCB4E9C68D51D12F8A354EB21
                                                                                                                                                                                                        SHA1:A5527DE964AFE676635CDF0C3A5BEA4606DEE5DF
                                                                                                                                                                                                        SHA-256:5C7FCC123B5C056F890BEB02ABF48968D22E9DA998EC5F84746D45B20D868431
                                                                                                                                                                                                        SHA-512:D4E4D3A395B3D654AB4C605B0963CB85F000030DC3BB89687933769E531E8C419893875AA77826063BC3ECE5170EC180FFA8D9E9B50FDBA57EEE14DE0E305E93
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24856
                                                                                                                                                                                                        Entropy (8bit):6.60337604357524
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:aylNGlfdqj5531HJTABhf8g2MkO1ICMbmiT2Y4Y3ocWS9sWvW8YsW2GIYiQ3ovA7:ayp12Bhkg3qnV/sIbYiQSAMxkEk9
                                                                                                                                                                                                        MD5:721A2A3F749E76570454F8610223A81A
                                                                                                                                                                                                        SHA1:616535F4816AC0A2A4D001AE94C4355BABD7A3C9
                                                                                                                                                                                                        SHA-256:6F8A911B93DD06B124BCC1D974FE9B129DFBF7C756ECA67E1182C0B060CF2136
                                                                                                                                                                                                        SHA-512:15CDE19DB8A4AE0C58833EA7BBDF4D5FBA3991652D7FBBF292B92E05501A5C5505F1420B3C6EE67EEDF90E434D77179082716B316B62AF0FFE6C3FCA6BE63C3B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.86368419354242
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:SHPAW1bWLIYiQ3mDccAM+o/8E9VF0NyxE:KrhYiQ8AMxkEs
                                                                                                                                                                                                        MD5:EDD3F2BB8AC1858F5632B74B7241C95A
                                                                                                                                                                                                        SHA1:B3A597F92ECF66E07922CC1AE7ADB6A7C7391A4A
                                                                                                                                                                                                        SHA-256:28F37C5EC5878557E72E0170436B8B2C9284480B3FF673EDE73E82DDA34BD448
                                                                                                                                                                                                        SHA-512:D3E2A65BFE31ABD8280EDDF331329D87C906CEF707AFE08CCD3FCE5187EBCD1A2A224FD99A742D01C76BD1FA00F911E783A62A5128D9EA9D582531DD61C50AF8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.8625488280566
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:A+TxwFqWD7W5TIYiYF8uegv7cER0MCIA5K+o/y2sE9jBF0NyOaBr4:bNoqWD7WdIYiQ3AmAM+o/8E9VF0NyZB
                                                                                                                                                                                                        MD5:BD7027B01BAE5739F06C753C9FE7959F
                                                                                                                                                                                                        SHA1:32B3E6A17E273D5C755AEBF016A2A44A4CC3C7E9
                                                                                                                                                                                                        SHA-256:FE77EBAF85404C650FC8DF99BAD9D0797A4C7F31CABF15AE371ED32448DD9D65
                                                                                                                                                                                                        SHA-512:8EDE9225F7C915F660773B1BD8DF11151B625866E52FC7534EDF8AB7CCA0AC7ACE083CDAC423FF216D3FD89D5292C6FEFD075BA7BC2FB5A9B2DD0BCB190271E6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.872682990269314
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:mGETSAWUEWFIYiQ3ZLaAM+o/8E9VF0NyD/J:MT1MYiQsAMxkENJ
                                                                                                                                                                                                        MD5:A4A9F365A1CF3DC942D7CCB771D7AA64
                                                                                                                                                                                                        SHA1:EA3EA7B8DE598D6ACAEDAB12F0E76AEFAA3B1A41
                                                                                                                                                                                                        SHA-256:1E10E8A793BF78F02DA384B9FE015F1DAE0F1177D47DA7FA626FF222D4D22665
                                                                                                                                                                                                        SHA-512:3ECB7FB233DF9824F3B13B011B41BA243474D79CFA9DC612EC6A77B757AD1741BD150EFD62510EC02607A85DDE4004BA241AD0DD98F72B8353D9EBEE4EC03D45
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.856964843992838
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:ecDagtDApWSKJWaIYiQ3TRONAM+o/8E9VF0NyQTV:ePKBYYiQcNAMxkE6V
                                                                                                                                                                                                        MD5:42B44BFF40B438CBF47A69ED1D138A0B
                                                                                                                                                                                                        SHA1:D351DB997D9D4014571009C66C34900D38EF84A4
                                                                                                                                                                                                        SHA-256:3A6CABBCCBDCBC69FBEBF4686BFE026446837C8A0124794F30675CA4BA9259C2
                                                                                                                                                                                                        SHA-512:85FFB41A6612D2AD9FFFFEB0AF876D8F5C9CB233CB1A256EC4CE61FEF018704D3C53C0A70093A378ADE50A51464D0908FE0E993A3CA9E039A9DA8B1D84B89032
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.8650234723141175
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:M6NxhqWD4W5OIYiYF8uegv7cERYcMKCEA5K+o/y2sE9jBF0NyMamq:5IWD4WIIYiQ38cXAM+o/8E9VF0Nynmq
                                                                                                                                                                                                        MD5:AED785AD8E2FD1773EBA4C3B3176A651
                                                                                                                                                                                                        SHA1:7F4F0906EAA0B2CE730CA458756BF832006ED317
                                                                                                                                                                                                        SHA-256:77315354BE4E5DF8B6DC97B4355A8C1A2B8194CFD801A03F99591697C64B6BE4
                                                                                                                                                                                                        SHA-512:6A850CEADE31667BB9D3CA04B07027DD3AF86711BB04157E9903427F6CE554045961711E0731DCC230424A3AFF65DD0995E340A9F62B3C945CA48C10330764C1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.794459752733996
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:lMWzQWnIYiQ3aNc9JAM+o/8E9VF0NyspDB:l56YiQmyAMxkEIDB
                                                                                                                                                                                                        MD5:4530257805D46B0F14EE2BE146D8DC26
                                                                                                                                                                                                        SHA1:A9A3F1955089DC9CDA081F64B868B4AEF8E902EB
                                                                                                                                                                                                        SHA-256:5D9D7681642B9C32F7AB665B79215CC0D59AD853D500D590F3F2D6E6CBE873AA
                                                                                                                                                                                                        SHA-512:B70BBFB18788C21A32E5648079B2D11233B033CFF282758FCC817B1421E565B621E2EB9D379C91CBF9621F6C4DCC9E55E1378C7991E62DCC7F2A4931D40E24A8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16664
                                                                                                                                                                                                        Entropy (8bit):6.731470377549001
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:FxDHKWAMW8IYiQ3sRvFAM+o/8E9VF0NyILs:LD87YiQcFAMxkEN
                                                                                                                                                                                                        MD5:B61820A6CA832342FC9A18694745F93E
                                                                                                                                                                                                        SHA1:4288292ED133CA73AEB2031636283A81F2570879
                                                                                                                                                                                                        SHA-256:043EB2779BFBD335BEC9A5AAA09D85C5E763B3E499F092DF65074F0020FAFA9C
                                                                                                                                                                                                        SHA-512:66E3B8CB1AFFEDBABC67BB00260C499E90A13A9AD7497971A1AEFC353E1FE55D0ACDBBC13ECDAD05E741A14C5F43CA576BB9820CAD6E259CD7A27F98954B9082
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.843017083995019
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:8LNBEW6pWgIYiQ3t0LmkAM+o/8E9VF0NytTK2:8bMSYiQApAMxkEfK2
                                                                                                                                                                                                        MD5:B7F56C9FDE7B92478A6876D2FF36FAB8
                                                                                                                                                                                                        SHA1:C678696936D878A2F2F70FE0307EB3CF621B1E4C
                                                                                                                                                                                                        SHA-256:46649D90B96F52EEFEC5A405040754DD46B060753B4F2686D519B5E7C2733A01
                                                                                                                                                                                                        SHA-512:B5CAF77D64A469D79C94DD53A4E0AFA156BC1A570BD1CED882065F8184EF1FE8101DE5054E6CBD39D599AD3A43871C5CD8326A374FE69AF8A58B88B5203DD402
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.88831590559411
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:jKkHKW/tW6IYiQ3h7fuGbAM+o/8E9VF0NyJ:muAYiQxGaAMxkE
                                                                                                                                                                                                        MD5:29DBAA087BFC8F12B0BD889AD9B26BE0
                                                                                                                                                                                                        SHA1:DBF18719F37F2A15FF0B57F80F8267A866BD017D
                                                                                                                                                                                                        SHA-256:3F65230A107969B53C061F0BD3AE5BE813B6C28AC02F7868E5DA0C1802E84EEC
                                                                                                                                                                                                        SHA-512:5FC81A0456E311B320CD36A84BEF78FA06301AF2A89E3E468144482B4C085CB6FC3FB7CA999364F6027EB5788B201E7CF553712E7CC1217E3286617C22F9773F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.836798359941617
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:rLnfIWqrWpIYiQ3pvwDAM+o/8E9VF0Nyvgh:rDf4PYiQAAMxkEC
                                                                                                                                                                                                        MD5:A2010AE2D9806CEDE19DBB92A7A5444A
                                                                                                                                                                                                        SHA1:85A62D3A4EC93BAF1C376639EF6E84B26CD15077
                                                                                                                                                                                                        SHA-256:1308FF1119F60030BB1C6A8846BC8E349DFB0104A032905E7167580C947D373A
                                                                                                                                                                                                        SHA-512:985E934AC82DFBC098108DB61327FDDD2EB2BD07ED9EAA723C5A6DA14E2D09314912C6BB35BE9351D88221DA4A7441D32B662786E4BD66E1FAA8194E3702E486
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.8231441500564936
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:zna8WK1WwIYiQ3VG4oAM+o/8E9VF0NyrTOI:zna0OYiQ0AMxkEV
                                                                                                                                                                                                        MD5:09DD53C73FADC311EC8632614682DDA1
                                                                                                                                                                                                        SHA1:3298906471C8669A56B67F770437030CBBA040DF
                                                                                                                                                                                                        SHA-256:4B1BBB19088731B2F5241E7F176EB3710B24BDD3B17A935A95490C43F0DCDEBF
                                                                                                                                                                                                        SHA-512:3EA4093C743816DFB64FF91E6C9F58711C2802532420C3CC72CC611E837B4AC2A3BDB08557A3C9240A8589D809FA5FF2F68732ABCB2321EDE9A96DD7337781A7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.776137531559141
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:yBSWITW4IYiQ3NxMqLRAM+o/8E9VF0NyUce:y6AYiQDMqVAMxkEs
                                                                                                                                                                                                        MD5:115E56C9210722B8349ECF79258208BB
                                                                                                                                                                                                        SHA1:FEEC9B943F8583E19CBF158468AEDB0CDC7BB741
                                                                                                                                                                                                        SHA-256:9C5FCA5828B141E34D9F2F2F0F314CB03DA3068A21A994592B582C831045A141
                                                                                                                                                                                                        SHA-512:CFFEF0EB425F4748C04FA4C00142FAB2618D3C703A95199435AB8053FECB27654575DF9DFD06A4E47DAA103476837768E4886461C470A98C25997075731D40AA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.88250029852906
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:D88cIIWNoWWIYiQ3pqhAM+o/8E9VF0NypRq1:D9cUZYiQQhAMxkEF+
                                                                                                                                                                                                        MD5:2617DA84348FC3E0028CE5C1F59A3F24
                                                                                                                                                                                                        SHA1:69FEC0D7946E0F2198C84346B69CE7A535EF9B6F
                                                                                                                                                                                                        SHA-256:701319FBF7637315E21DFA1F9D6C3F0C818A0BEFF35C47A2BA77EC2B07367193
                                                                                                                                                                                                        SHA-512:36DA8A3EA1EB0D93DAB0F164DB216C0D682181A5A56CDE161C854FD6E7E42A67088BCEE432341D5A58349151F37F80D1975B967D9C6F016BEB67C36C95FDF03E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22808
                                                                                                                                                                                                        Entropy (8bit):6.62653900975139
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:nkUwx9rm5go1fWKmmW4oqN5dWjaW+IYiQ3m+jyAM+o/8E9VF0NyL:GrmoFmWXXPYiQtyAMxkE
                                                                                                                                                                                                        MD5:08E90A92212514DDF9EAEF37937D5F34
                                                                                                                                                                                                        SHA1:9B4CFBB952EAC15F0B1F3303539074219DAD5FAA
                                                                                                                                                                                                        SHA-256:993CDA21A4E35D3E0D08DDAF90B6BF92512F4CA28D8B01D425FB241EC6CBFDE4
                                                                                                                                                                                                        SHA-512:F9A61CC88CF59837887B734F06ED14ADE26657E4C1B64D43814D7290B5D62AB703759D8DDCE534DCF8A7FCB9DF95F4436F0A7B55B90F226DE239DC7E39589F5E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):18712
                                                                                                                                                                                                        Entropy (8bit):6.686579781495355
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:S09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVsd:jOAghbsDCyVnVc3p/i2fBVlAO/BRU+pX
                                                                                                                                                                                                        MD5:356226EDBBC8D5F02F70EDA9BC5C9548
                                                                                                                                                                                                        SHA1:D4D9DD03FB2E512CFCC78525EC614C373D3A69AD
                                                                                                                                                                                                        SHA-256:61B648FE96266823A3A5F80B29847DAD8D055FFAFD29A59A0E9BCBE378D9C7BA
                                                                                                                                                                                                        SHA-512:F2E45F6DA95FB5EC862E748B91394DEC2FD3F487A17EF24F91E65213A4EF3EC5772316E4F8C191A675CBD3A656331C3C4695AD584AE5DC0D08777E990DCECEBB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.842788609605885
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:cMYx4AW6RW5fIYiYF8uegv7cERXqbA5K+o/y2sE9jBF0NyQa5AyN:a7W6RWpIYiQ3rqbAM+o/8E9VF0Nyzf
                                                                                                                                                                                                        MD5:11DE07C2EB8CDBCA805708B201BD18D3
                                                                                                                                                                                                        SHA1:434678AEFD905BB80C6DA0A270413853EB134ED5
                                                                                                                                                                                                        SHA-256:24E32BAC756BAA67D2309E992A1DE83DBBDA67F24D1AAF3DE6FA4AD0C5A1EDF9
                                                                                                                                                                                                        SHA-512:CAF03D88BCEBEDA0A6AC5379092A2063F16BE210F843A7129234BC0F53ACD3828F10CF3B85552030C8ED91FACF771E3E2DCA32F6A87B65E7263E40CD3B18E509
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.931288608446559
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:5I5HeWFwTBsWiIYiQ3sOuAM+o/8E9VF0Ny/u1:5I5HFwTBpYiQjuAMxkE4
                                                                                                                                                                                                        MD5:A833858089315F05F311086846A44D33
                                                                                                                                                                                                        SHA1:DAD25D2DBD281EAFF5E495F0E5BAEBB190EE913B
                                                                                                                                                                                                        SHA-256:889BC2D992DFA6E50A266D8926E497D537166C18781AEF2202029892CFE03657
                                                                                                                                                                                                        SHA-512:DFA51F586B30AF7621FC3DB5B58624E22E9D476DDE10E2978EE6B38A79A275211A8E27F59B69D35187AA5EE92BCF0683DD4C7F35A89FA851BBD2A9D8AA0FCE59
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.896156364175732
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:RAJpVWbfkBnWkIYiQ3StMAM+o/8E9VF0Ny6N4sF:RAJpWfkBQYiQjAMxkEu4y
                                                                                                                                                                                                        MD5:C13C53F759AC76AC48EFF5A7DE1B62F0
                                                                                                                                                                                                        SHA1:17CC81129F990EEE6E6840FA0D45ABBB3243EDC0
                                                                                                                                                                                                        SHA-256:0236D87EF4BF45729FC113283E115F512AF5AFC16CFEA72F951772317D8D89BC
                                                                                                                                                                                                        SHA-512:576D6E477CA2E64C23C1576FC45D8220D1FBB83E8BB0512C78E2F2A7B80A4F8FC92AF66E79B57B5105AB6370C106320CA19E09276FF0D0B11239AD0E6EF8C9DB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21272
                                                                                                                                                                                                        Entropy (8bit):6.552099023124321
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:y8R71h7yzt94dHWFgQBVWeHWFyTBVWMIYiQ3tNETAM+o/8E9VF0Nyab:v1dyAqgQBfqyTBCYiQduTAMxkEw
                                                                                                                                                                                                        MD5:01A0841A04BC4C73611317A0FE9447F2
                                                                                                                                                                                                        SHA1:226439E8C630425C6D944D7972F039C699FBAD81
                                                                                                                                                                                                        SHA-256:01374B760F8DE0A750B437B35A4E689CFE254110047B5C4D99BEB682664B9906
                                                                                                                                                                                                        SHA-512:1FFA7563B4351DAF3D4703286F575BCD14711B293F04652271C1FBD5EF71209864C36A28A413EB8059F871EB73079D18BFAF5F12AF53142EE11156FE0DCD0224
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):19224
                                                                                                                                                                                                        Entropy (8bit):6.691845476988413
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:SpsBljcZQIVI8CNwbcyMWs4oBOW9MWG4tBOWKIYiQ3QopAM+o/8E9VF0NyWry9:YsPMQMI8COYyi4oBNw4tBHYiQrAMxkE1
                                                                                                                                                                                                        MD5:2C087D99EC40861DF1F93F00372FAD24
                                                                                                                                                                                                        SHA1:38D58C2549F851480D80042907CB884A05A5FE8D
                                                                                                                                                                                                        SHA-256:3118ECA8130FBFD29372DDED0D07174400C24E037A0357F4F11670848E9055ED
                                                                                                                                                                                                        SHA-512:703EFFA5F385F90831C3B5E995804789AFB6DCC82C3A1B39AB43DA228A08F4FE529B5F786F437BC26956CA02D463236DB80975C0A9DF7BFA3114464440A1090E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22808
                                                                                                                                                                                                        Entropy (8bit):6.596646511586578
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:OB9g5l+A3VVdCRdtOfd7TCUBQ4BX8JZa6Si5HsOgrE2WGCWLIYiQ3I4ERRAM+o/w:+9g5HVVX12fsOgrE+QYiQREvAMxkEE
                                                                                                                                                                                                        MD5:42E29D8B9A29D6DA08BCC012E7BE1948
                                                                                                                                                                                                        SHA1:BE90A9B1A47B65BDF91275C690E22B7F5E4F0EC0
                                                                                                                                                                                                        SHA-256:64FA1405CBE3DAE7B30209A7C8D2A841F6C39A01ECC5AAE10BF38194AFEED265
                                                                                                                                                                                                        SHA-512:A2D84473AC0677F4B755A41AEDC17591CD68C02E2286D8B851FA5C87C37D4CBE8C33793EC0DB41D6738FCC3A446E6828B48A1A4812B9D9D4672E9F1B56AD8666
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (541), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):76981
                                                                                                                                                                                                        Entropy (8bit):4.819464476297391
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:YNa7Vx5ughg2y1eEics/2cLtU+61hYg45bmZiNjcAjdKvj59znKSe5+YjTjljcKZ:YHeEUZtgsccITKSFYjxcKSskiKS1
                                                                                                                                                                                                        MD5:3A4E05CD88971CC7988F3179977192CA
                                                                                                                                                                                                        SHA1:C0F796775FB852E6F9F75AB70846EE49619D9988
                                                                                                                                                                                                        SHA-256:576D49F78CEDFC37A7F7452EA7519EBF690642EBB87D01AC777605FFDBC648B0
                                                                                                                                                                                                        SHA-512:4E649FE654160B8D2595927CB215F078E1D97EE5B1D366D0651743E143DD990867FFB3E6C69AC19AFEF0D75C9B8B28E36977AAA4D64C5FFD24B0037B04828479
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Runtime.WindowsRuntime</name>.. </assembly>.. <members>.. <member name="T:System.WindowsRuntimeSystemExtensions">.. <summary>Provides extension methods for converting between tasks and Windows Runtime asynchronous actions and operations. </summary>.. </member>.. <member name="M:System.WindowsRuntimeSystemExtensions.AsAsyncAction(System.Threading.Tasks.Task)">.. <summary>Returns a Windows Runtime asynchronous action that represents a started task. </summary>.. <returns>A Windows.Foundation.IAsyncAction instance that represents the started task. </returns>.. <param name="source">The started task. </param>.. <exception cref="T:System.ArgumentNullException">.. <paramref name="source" /> is null. </exception>.. <exception cref="T:System.InvalidOperationException">.. <paramref name="source" /> is an unstarted task. </exception>.. </member>.. <member na
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):23832
                                                                                                                                                                                                        Entropy (8bit):6.337394346766595
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:7bhigwLAuZtM66g/Id7WVXW2IYiQ31LAM+o/8E9VF0NyvQA:7bhzkKsqYiQ9AMxkEP
                                                                                                                                                                                                        MD5:690AECA2FEDF3BAA5C1B98C86A17D30F
                                                                                                                                                                                                        SHA1:AA2383469C2B813F3192D04648B2D2D52348656C
                                                                                                                                                                                                        SHA-256:A58B1799A410CD5C1BED7B0E31D1625C593DE703D9717BBC1B124203160E68FB
                                                                                                                                                                                                        SHA-512:7D587B687CB45A80A4E0D27AB506F892B852EE0F0D73C8D037A190F53B4A46BA303B4F053DFDB4F7D056255000ADAF2BE44B5BFEFB442F9ED2EC2E0C9E55D6DA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.871418537268813
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:WUcX6W9aWoIYiQ345ZCIAM+o/8E9VF0NyEv:WUch1YiQ48IAMxkE
                                                                                                                                                                                                        MD5:D64E6816BB506CA4530D699DCBB3C372
                                                                                                                                                                                                        SHA1:3A508F17EAB2512B1990BAB63A2BE65331F31275
                                                                                                                                                                                                        SHA-256:58770DD8F1F05F72E0CEECDA897790BE4035ED179B8A4D1708516C252198B46A
                                                                                                                                                                                                        SHA-512:F68653BC02A4796A8039ADD8017DA4776E412C1768F63927787A5110A22C321898BB973C7B9F3D87141E1718806B23C6ED1984B21A1D85E7C6F59CFA5289D4F0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):41240
                                                                                                                                                                                                        Entropy (8bit):5.965402526465017
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:loBj7kS+8mjvHTeaWKs0Sd4eeEYiQKDFAMxkEc:YPmb9WKs0PeeE7Qsxw
                                                                                                                                                                                                        MD5:534A1004BB9E3283A7955B65C44B9440
                                                                                                                                                                                                        SHA1:F6C7416664AC119770D18E00C3655972C45BCA30
                                                                                                                                                                                                        SHA-256:63FC2D5F6AA8CC83058D81C23B2B4C9A2D5927F2463DBEDECC6512E57CEB4101
                                                                                                                                                                                                        SHA-512:54C5BC92C31243F104019219F344AB064F649AC25480D26744E4A930F6004AB18CB48720990433AA81DAF4BD2B44FE0EBBC1107F8F1268A73F4AF8BEEE9E1827
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.9018942588763235
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:cLtTL/WxOT6LoWPzW57IYiYF8uegv7cERaazCiJjA5K+o/y2sE9jBF0NyZa4:aTI2pWPzW1IYiQ3OGAM+o/8E9VF0NyE
                                                                                                                                                                                                        MD5:02800A49509012F6258EDE6AC9CE5CEC
                                                                                                                                                                                                        SHA1:1AE3AF0B077FD831C8364B5FA2A1A2CE112ED2B0
                                                                                                                                                                                                        SHA-256:541B60479A15DC40AF60A4650DF59274D3D84F8ADD41AC51E58514C924574A8A
                                                                                                                                                                                                        SHA-512:32EC013908144354B27B210DBA44740C0F0DA7A334496B7F3EBCBF55EF5CD1237E06E10319F3C75228999B1032B12968656C0C690A64920195A5D85E50F825DA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.918160771389363
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Ycezoy4W04WGFIYiQ3llHAM+o/8E9VF0Nyy5:YBzoy+3YiQrHAMxkE
                                                                                                                                                                                                        MD5:C286BEA5983F2D44E327A6243B8A5B21
                                                                                                                                                                                                        SHA1:9DB4B7498E91DB9D553A1C71C5148FEC9AEFB52D
                                                                                                                                                                                                        SHA-256:17BBA2BEAC6C4BAFE9161AE2BDCE10938230A796F98698A53CEBCD2B7D83F304
                                                                                                                                                                                                        SHA-512:4D87B180ADFAEE606A46FC54137FEBB6B935C52944E6EA6B602473F526D7CD3FC5EAFF915AA4B914EB88E25D4459B59C1BF9041E9B77DCD0E435CD47ADD2C35D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.810670666483841
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:WH/JWKpWWIYiQ3ywSaGAM+o/8E9VF0NyXy/:WH/jEYiQNdGAMxkE0
                                                                                                                                                                                                        MD5:049C9B459BC08AAB6FC616B06B979616
                                                                                                                                                                                                        SHA1:3DDF3D8C5250C5588AB9B651D500AF93E48A3E0A
                                                                                                                                                                                                        SHA-256:091519021CC119ACF55A2FDA114387816057A3726E59D0CFE404263E844A1C2F
                                                                                                                                                                                                        SHA-512:73361E0D925586936C6FF341A97C18DA8646762F9CFA183A39E199381FA75EA2484C834B968CF5AF4456075A8CD3E693F2348587293921CB927473F501DEA09E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17176
                                                                                                                                                                                                        Entropy (8bit):6.753442627812393
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:wTjbocNsWMhWFIYiQ3eh+b9AM+o/8E9VF0NyPJH:0boYydYiQ3AMxkED
                                                                                                                                                                                                        MD5:99160DACD0B02DCA87CBD3FE237B3A00
                                                                                                                                                                                                        SHA1:6F14A69587FE4E5B9FB7FC21888FC0D3DA2CA73D
                                                                                                                                                                                                        SHA-256:AA478258C6F6F8FC6E3ABB88B01DA53238B2316CAA78E2ACD64E07334C2C8AA4
                                                                                                                                                                                                        SHA-512:BD04E8B1B766F2C8DB69393BBE90191BB107B9802ADC50C1718B588DCC03A6A1DFDE4AFCFBEF97EE6C175BF00B4F79C12F5464C2C280FA4FD4638ADAD25982EA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.856568647529212
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:AVSKiWIhWLIYiQ3vNKkfAM+o/8E9VF0NyTi:WSK8LYiQ1lfAMxkE9
                                                                                                                                                                                                        MD5:C69302F146397B44ADE39F5B8A89F537
                                                                                                                                                                                                        SHA1:436A30216B18B893FC6037C8688BC855DBE5796D
                                                                                                                                                                                                        SHA-256:02FFCF38C64787E13A2E5286BA7A37E4AD9599A2AA4B61029A18D37EB721B56E
                                                                                                                                                                                                        SHA-512:54DC41C01511D46EFAD04C52E5CC5E2B4F78E4741A4B5A095D313BBD2A91A3DFF10C031F4EE527DAE7B7309A206DFBD1B54A6972982E44E020B8260420CCA662
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16664
                                                                                                                                                                                                        Entropy (8bit):6.79823264347072
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:d0KbZWApWmWTpWlIYiQ3rmAM+o/8E9VF0NyrJ:2KRytYiQqAMxkE7
                                                                                                                                                                                                        MD5:3FC45F755D484D2A3CAF00162C967851
                                                                                                                                                                                                        SHA1:2DD3DDFD4AB6A0EB381E202183843DF5F51D42EC
                                                                                                                                                                                                        SHA-256:9AF7953B9C2E32C85CD44F75EF4232393193772DD5FE177A999904102371B28D
                                                                                                                                                                                                        SHA-512:A3B8426FE8EF95EEBCFEC8E212E9011870865AD253D579F44AF3A454F3AB18DE5C978E1297C56A6A1D9990EAA89208C4BCA8610EE3FF97675E664739118F6F8A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15632
                                                                                                                                                                                                        Entropy (8bit):6.885286778509384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Vb1nWCXWpvIYiQ3wYRtcKZAM+o/8E9VF0NyR7n:B72QYiQgI9AMxkEfn
                                                                                                                                                                                                        MD5:272423FBA04656D72F9838C09B4675F1
                                                                                                                                                                                                        SHA1:CD730DDFD879A90C9BD044763C98B6766AFF0058
                                                                                                                                                                                                        SHA-256:7DF18EA573C3EDB4EF59930FF334C36117440437C317F30215D2EEDD18E9CEC3
                                                                                                                                                                                                        SHA-512:CC481E472A08E235834F2E3B382C2B31F2CEC8B408B92C61325F52A95946FB3A4ACDDE7FC32C6B9CDE30E6C55FE22EFDAA122FEF4332BFA4542EC3DABDBEB7DF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.7881669732714744
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:cuD6cYxmPlW7TW5CIYiYF8uegv7cERI+2ByA5K+o/y2sE9jBF0NyEaN1:1cyW7TWIIYiQ3lTAM+o/8E9VF0NyPN1
                                                                                                                                                                                                        MD5:DC4A551AD55E9ACDBD77B34F8E31923B
                                                                                                                                                                                                        SHA1:E534E7ADB28FC0596EAC08DEF164B88E743AF282
                                                                                                                                                                                                        SHA-256:AED741DA3B66D29BAF72A05060FD7BEF8088C3D761DFF0BC57B599B2A77C71A3
                                                                                                                                                                                                        SHA-512:DD045C2A7CBAE4B3F187ED7D0523BAE1C0C57E1B22D9356B84782C901F52A024C7682DBD6BBA36EA995A1455D182F97B1B8F6280CC22360A235CB80B132AF783
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.917535971439002
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:V6Rb32WVzWxIYiQ3ABW8eAM+o/8E9VF0Nylj:sRb3d7YiQQE5AMxkEb
                                                                                                                                                                                                        MD5:5FD1017D5DBC5ABC7493DA12D9F0EA91
                                                                                                                                                                                                        SHA1:83C187F54A23CC314C2122E07526155E2D6CEE99
                                                                                                                                                                                                        SHA-256:B2A35E885EC61E33FCB6B09FFBDF53538CF10F0A9C3506DD95AA20D36B6F5D31
                                                                                                                                                                                                        SHA-512:38ED560DA4F589AFAB5ECB24CC2829DB99AFEEC0BD87B26EE4C357247ACD48D31D85A5406253EF035A8B7FC97D7131340667601090C79740D988A4674153059F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32024
                                                                                                                                                                                                        Entropy (8bit):6.548082431236893
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:9u5I+sqOylryry8qqIfUc7a5ZYiQqAMxkEv:9YIVBpry8qqIfUcm5Z7QIx
                                                                                                                                                                                                        MD5:9C89CAC7B7229D1F36988AB335885C6E
                                                                                                                                                                                                        SHA1:C85E08B4EC6DD737C447B2000AD429C1984D8BE0
                                                                                                                                                                                                        SHA-256:F8DA84F7880E67B43BA8121898A0A9033221B4A71FAE00588EE5EB3F2CB8B0AB
                                                                                                                                                                                                        SHA-512:31ED4CC247D8438FD9BB1E45AB16166C0CD971D744A23BBDAEF1D9E2467CEC6C013904A28252CF152EA9A619BDF8983A9AD817DA516FC01A5E8BABFD29C04BBD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.880951855598949
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Qvn4HREpWiQWHIYiQ3o0AM+o/8E9VF0Ny6QgPQ5:nSGYiQLAMxkE4O
                                                                                                                                                                                                        MD5:9DB6C6BB3D745A146B852616D41D85FE
                                                                                                                                                                                                        SHA1:0C808B24970A58BFC6740F6AC4ED64C702CAE624
                                                                                                                                                                                                        SHA-256:294D61E561EEDB80EA66C0080B150D707FA9D0F1791AFAD800680214DD4E146A
                                                                                                                                                                                                        SHA-512:D00F5DCF7354BD643DDA446F677A6AC893E5CCA934549B4AD58A9B15620EC48455C96AAAA076121936A3686F03C48B4199DB8D9DB7B10BEBDB7949758DA5FEB0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16664
                                                                                                                                                                                                        Entropy (8bit):6.781107349224401
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:p8MjKb47T3UCcqFMkJ59WdtWoIYiQ3j/CmAM+o/8E9VF0NylZl:iMjKb4vcGdOeYiQOmAMxkEtl
                                                                                                                                                                                                        MD5:14A9E92CF00CAE2420099945AB7339CB
                                                                                                                                                                                                        SHA1:E2839C424CC0312A3CEAFFEA4EC24FC4CAE51596
                                                                                                                                                                                                        SHA-256:D4011E1AB2C2667AD6CE0B8AB6F6EEEDCFA4FFA95E5980C91D63DFD068B845D3
                                                                                                                                                                                                        SHA-512:BD92D23A86DF66D5B6DE88E69C55212AF81C21F4DB4623259980214BB29B4C98970B70A7C4C56D77EC1DEB6FD36D27DD65019BAFA1FE2A60543F46992F0D4107
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.868665040615739
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:8zyNXd4+BW6FWGIYiQ3UUvAM+o/8E9VF0NyebMn:hz8YiQRvAMxkEKU
                                                                                                                                                                                                        MD5:9C5C2042B3CA981D0F5F08B7A6578C03
                                                                                                                                                                                                        SHA1:A463B3834A9B1754553DEBD7F933DCD4630E5173
                                                                                                                                                                                                        SHA-256:B0BF150F8B324DA34C4642287EF0B187D50DBB3AB1BFBED6C31AE836D2A1C39F
                                                                                                                                                                                                        SHA-512:641890DABDFFBCDEB224B37481FA481745AF094833CEF54474A1A08FB2D9FC835BAF66E5DAC556BC3BE877117E91C49BD35FB0934CFBD7BE975EE2FF085E9DE1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.8677142003997025
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Uvs2Q3HKJNrWWRWZIYiQ3kPQXdAM+o/8E9VF0NyC:UuMVYiQXAMxkE
                                                                                                                                                                                                        MD5:6A47BA84170A53AAD2FA9C31C7B699AF
                                                                                                                                                                                                        SHA1:D0A0E05860DACFF3BBD5740F7169B26EDC1EFC86
                                                                                                                                                                                                        SHA-256:4881446ABD1347F1CF3E0E94E42E47329F2E4A2E0099C372F54B14F31A7D150F
                                                                                                                                                                                                        SHA-512:9759C74F8D816EDBCEF08FE09DC377C8ECB5D68473B96285DE07E3A03E9FE17321A260576C127D2B9D8DCA1913627374D29ACA5E908312EB5F178F8851CF0558
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.842208231877981
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:LFz0Q6gcqRhcsMWdMWDIYiQ3wg+YAM+o/8E9VF0Ny1y:LFz1c6iYiQTAMxkE6
                                                                                                                                                                                                        MD5:6A44D439A052C7817F6F099ABBBF45E2
                                                                                                                                                                                                        SHA1:4E26260314823A33021402BC8C29F5C77BE0D7FF
                                                                                                                                                                                                        SHA-256:5385D43B82A563DA7B0F9221C57D83CE0447D399F574D6E13357FADD3AEDD955
                                                                                                                                                                                                        SHA-512:EE13D97E7637C3F22B89165BDDDF3F20C5162A42BD0E10939D039C8E4610815D78FD6600D775B25B8B8CF25AA5BB75ADA712954A29F993E77BF2EB956F87729F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16664
                                                                                                                                                                                                        Entropy (8bit):6.735271411186537
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:n6xWA3W4aW/NWFIYiQ3xOEyAM+o/8E9VF0Nyjd:naBpYiQ8fAMxkEX
                                                                                                                                                                                                        MD5:C5C6397722BE770ABA45E69D6E8800C4
                                                                                                                                                                                                        SHA1:504EFB1D7559FE62F148AC71D0CB8D5F7FCCB518
                                                                                                                                                                                                        SHA-256:FD33DFCF6564309E5348408A4B8FA71D5A08D6C15C983ECCF5DCC452A2FCF903
                                                                                                                                                                                                        SHA-512:E0C44CF497E145E887961F9EB959C5BA9D5F64BAAB180F8FBE4E4EDA13AF07FBF0EF43C1BE758412BA9DEA21177747670C60C32907515EF4ECFBEB1EB0FE631B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):73496
                                                                                                                                                                                                        Entropy (8bit):5.927241283450761
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:qIumja0tbe16pSc45EfL+4vD4SuJbhjXuE3FMqF1KAy4kHo05ureseh7997QAxRg:qIuAaGbeGq5rKASI0ICh9Mug
                                                                                                                                                                                                        MD5:F7858FB8F12EA150052CFE6A6431738D
                                                                                                                                                                                                        SHA1:7CA6B60F830AF352293F42973EFC97F6BA8A7076
                                                                                                                                                                                                        SHA-256:99C6709A69C97420F9970DFA32D261874DB896C512047D903FF9D44DCB3AB2D4
                                                                                                                                                                                                        SHA-512:272E243C4967684FB667D95E6B7056E59E25E220B9E2F78FEF04D9764F1434D4528ED1596DFB1043F03CB48DA774102F7947BE562BF552C43D78FE59182AE8AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.859050338966028
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:+r97WquWbIYiQ3fSoAM+o/8E9VF0Ny9XQ6UfZ:+RJ0YiQbAMxkEgLf
                                                                                                                                                                                                        MD5:2B9E0B54FFB4D0C69DC567546E1C9774
                                                                                                                                                                                                        SHA1:C22533FFFF633B225391F28FB7236198BFA7AA80
                                                                                                                                                                                                        SHA-256:16268D859797CF94E7ACCE06ED187E465BBCE40E6B0CF7FA9B15A9D161BC4698
                                                                                                                                                                                                        SHA-512:09C64DECE1E238D981214AD89A7D818BFD6A75906E355E5CE529AD17AB0BF69404B4FB817C9EB282B3C9F86DDF23AE9D989327966C66175581683B89C686C90E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.806326557443503
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:G16eWLDWSIYiQ36/7AM+o/8E9VF0NyZHvb:C6LuYiQW7AMxkEbj
                                                                                                                                                                                                        MD5:DEC951BD7AEED6EDEE8714446F85477C
                                                                                                                                                                                                        SHA1:B413C95C5832721DF62E5C50C8BFBE8E2AEE18D8
                                                                                                                                                                                                        SHA-256:0D17D68373112ABFEA7B91D39DDC9D862FF4F4BD75BD53DA73F4A337B298C315
                                                                                                                                                                                                        SHA-512:F765AA48D49C590086CA435C5C1878CB54FD9A226749B84CC95631695AD158D9BDE93BEF62058A78048FB4C2F13FBC7388FD5FD2384A9A385896E71CFEA55D59
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17176
                                                                                                                                                                                                        Entropy (8bit):6.79842270742322
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:j8G4YC2W+wW8WpwWyIYiQ3EZu3MAM+o/8E9VF0Nyu:AGZ5JYiQmu3MAMxkE
                                                                                                                                                                                                        MD5:8DB16B02A582B4DF6A6EB981ED9F683E
                                                                                                                                                                                                        SHA1:B425FB5C0E3F06A50E85CBEE2E1FEC457033152B
                                                                                                                                                                                                        SHA-256:672ED8CE513197EEFB6C10060A8BBC63A821D0C8D481D8DA6CD8E03C4D3D3F89
                                                                                                                                                                                                        SHA-512:B9C71A148FEA255A1677A3333F6D9C74FC0516D3EACF258129B383F7D8A326CA828AB162CFEBD37DCEC38704CB52AF4D98EDBF725EA313F780FA3783D14D507F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                        Entropy (8bit):6.905101594274101
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:n6ziqTEkGWvRWRIYiQ3R/sfAM+o/8E9VF0NyAflu:nYT1JYiQVsfAMxkEG8
                                                                                                                                                                                                        MD5:FAAF58CC3A4F4B4A0379BAC23B572D7C
                                                                                                                                                                                                        SHA1:3D06FD3419E8FE7A259B498930C96D21F0286072
                                                                                                                                                                                                        SHA-256:754262EE6038BE4A02868749181B9E70DF02C4058B9553A42B97EB0CAD07AB11
                                                                                                                                                                                                        SHA-512:2460FC6C9930984D37298B9E848B6D67A12D6F4BB8CD8458D50E22611A2A5A25336BCA102BA2FACC0747FF87A317B8AC6FE9A67ABD10F201C9DC1F18259BFE08
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.81806767505525
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:oUv7c7iWNCWAIYiQ3ODS9AM+o/8E9VF0NyJR:oM7c1VYiQ+QAMxkER
                                                                                                                                                                                                        MD5:FEF15634A5DCFF6DE0970694A358AC3F
                                                                                                                                                                                                        SHA1:D75A204C813A0B9DE362EE809CA745C6D39CB6E1
                                                                                                                                                                                                        SHA-256:6AB7FD2903DD4379772CBC69E2D1494DF1BFC16C96EF553379EEC97763120C82
                                                                                                                                                                                                        SHA-512:CFE7AE2BD0AF49AE183EB60DEFCCFDA9D6C029151F0E62D1910DADC4EAB1B4B209AD3A684CC1CBA46907008327292AAFD9CFBC062FDBF4472F48B95422B421CB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                        Entropy (8bit):6.8597268262905065
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:b+vxmNWnRW5kIYiYF8uegv7cERjSsvA5K+o/y2sE9jBF0NyWaM8:6SWnRWuIYiQ3/5AM+o/8E9VF0NyxM
                                                                                                                                                                                                        MD5:6A7E53B140F74F7BD0A2D784D16F8BF8
                                                                                                                                                                                                        SHA1:19286C4BAB90FBA4DE3BB73CE3B4A7EFB30E34D3
                                                                                                                                                                                                        SHA-256:FF9A7315DD0E90AB0ED79418A02F02AB0C9F8D1E353E279EDA1787580426026E
                                                                                                                                                                                                        SHA-512:A797862F6C3D19F077B441B3D0D27869B037AC3EC43E68D8B5044E3A31E1978CC6666BD1886DBA923202B74EB92511CFAFBE1E724DAC19F2D00A7E1B5FF0EC28
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20248
                                                                                                                                                                                                        Entropy (8bit):6.670581408050179
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:ZfNieVZaksEEwXJj12hIYiQ3VSL3AM+o/8E9VF0Nyw:zXJj1xYiQMDAMxkE
                                                                                                                                                                                                        MD5:38EA86E0EFF4B0A3FB2CC61FA5E78DF1
                                                                                                                                                                                                        SHA1:51E11FBFF3808EB7C66776EC2B1F4BBBA0E507F0
                                                                                                                                                                                                        SHA-256:13075FAB216B6A14F0971A4C96C85AE6CE63819C92578489260C41F883542DBE
                                                                                                                                                                                                        SHA-512:C894700EA984C9A32D8997A6533DA28CB216A85917D51F5E750D4ED8CAECD47561C3DAFCF3CE40E2BDD8B816771427BA122B452FF6130B7F1A4A90351E038EB7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):189
                                                                                                                                                                                                        Entropy (8bit):4.975451013309139
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRLelFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRLefJuAWq
                                                                                                                                                                                                        MD5:DA0EED2F114F1288C8DE452D5B95596E
                                                                                                                                                                                                        SHA1:1CF8A57C6DF6C309F373A2114A88B980A49D03E5
                                                                                                                                                                                                        SHA-256:AE5E7FA8373B273FAD07E0486CEBFD88C18F9517BA609C2B8E6534F5D9E53DCB
                                                                                                                                                                                                        SHA-512:A2B2F1CD8A772AA3EF074864DD1CE8A37FDB2A1A811B476DFB360F1C71FC787560E9F188916E2C73B290EDA74A56251DDD8EF85DD462515DF12D2E073DA9CF38
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />.. </startup>..</configuration>
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MSVC program database ver 7.00, 512*51 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):26112
                                                                                                                                                                                                        Entropy (8bit):2.404591342759292
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:9P3APpAPDAPpAPthp1VOj9KbXouYVIMIhTbbOEe4QsENbpe4qgM:BMKgKbVOoPAi
                                                                                                                                                                                                        MD5:0151FC741197C424E672E759DB5BDA70
                                                                                                                                                                                                        SHA1:2647089388A60A10159ECF7AE491C701A36110C8
                                                                                                                                                                                                        SHA-256:7428A28A358CD23C0483E7DD934248DA83F60E5385D3CDB0DE33A497AFDC2066
                                                                                                                                                                                                        SHA-512:D2F047ED16F4A54EECAFD0CAE68EC257859FD705FCCE84BE34FFBE531C1BD849788AFFC20B0DF65FED512C60A9145B30DF4F99F24B65FFDF0730EEACDC69B65B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24064
                                                                                                                                                                                                        Entropy (8bit):5.436377150873873
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:nOeNiCPJ8d//4CMSKtmVbFhFMTuzO3zoVOgvevU3+uARkArvLU8Wyt:/x8d/i49z7cgWvwARkwvLU8
                                                                                                                                                                                                        MD5:D0854E8DB0D1AFBDAB9CEDB8464561A7
                                                                                                                                                                                                        SHA1:7550E1257E2D243AC0A12439D2A55C74718753D4
                                                                                                                                                                                                        SHA-256:363DC1FDC0C50618C9049F87BF6E2C6EB9D9CE4AC08960373BF778EF854D78AD
                                                                                                                                                                                                        SHA-512:CAF5CB38121FE12A560CEBE4E1AC3266AEFB3C7AB0635EFF26D1AB7DE8CD349F52CB8F9FD4F8E05CF6E496FF07083961881517298FF80A07691B22EF2B317A3D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5773312
                                                                                                                                                                                                        Entropy (8bit):5.68640191645299
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:OVINVwJzGKybK12T5yb9ksyZWPsADcn0XjOTQVm8fGwoAIMHFqG:/NVwJzVSs+Wp4xyD
                                                                                                                                                                                                        MD5:2B71864142900544334292C45C9A9A21
                                                                                                                                                                                                        SHA1:763865F2163F8B3A294BB156D1E36B9E73A9EBAB
                                                                                                                                                                                                        SHA-256:94687C2812CD4B0DF1F93C3D083BAA730CAB07E9D9C3931FA6557C808BCEF49B
                                                                                                                                                                                                        SHA-512:DD73C7832A2B43774D18A83AC08CEE5A6F7D76F870A98A344B3FDD1DE61CD9B7362D31009F443592F138EFFB9ED7CDD9E4F8A7282C699B7AF3F434ABE74F215E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):174080
                                                                                                                                                                                                        Entropy (8bit):4.838714488862786
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:BXlu9HOsrxLLC581nfkhTf85SfD/8E8pMyF2fIK2E3ZMrf/GXTdXg7A/w:b41x7v54sMyov2+Mrf/GXKA
                                                                                                                                                                                                        MD5:6AEB1C3E0470912D776EF79DC180AEF6
                                                                                                                                                                                                        SHA1:C35A83124548142B7AF868166EEB9B9A8DEDCA03
                                                                                                                                                                                                        SHA-256:249D4EBDCB399002F7B6DCB50384AD0DF3AB6A7CF7087161EDA4E43052128E6D
                                                                                                                                                                                                        SHA-512:3AA0D6D8BFB0788353A85E5C0F88B0D0B0CD80F200C78932D8BD4FCF0711EF6577F9C3F4036BB88A4EC7BCF58ED2C4A48FC003324B47A0FAB51E2A1B73436DE4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):92952
                                                                                                                                                                                                        Entropy (8bit):5.492494601798773
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:h2Ec05j4eAH64rh5fSt5T9nFcI94Wh7Qnx:wlK4eA7mDmWhM
                                                                                                                                                                                                        MD5:F22F964846A8A63BCDB71EB58B7B5F3D
                                                                                                                                                                                                        SHA1:97A0913116E119242FC1C31E067099309013A615
                                                                                                                                                                                                        SHA-256:ADCC6B18D8FFA146BC0FC6E8EE1FAEC57ACA9514969D4E54978B09DA114FEE0E
                                                                                                                                                                                                        SHA-512:DE5C0C4B7289E1527CB3AECE1CAAFF506302125513FD8A91550B8A6DE6E58AA3652E3536984D35D9194EA9D054671FA285B3B206F7977D4A784F2977C474D535
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\ScreenBeam\Conference\service\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):39192
                                                                                                                                                                                                        Entropy (8bit):5.109701337907036
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:N+ZpbHSTTUa8x+qvvIojhSYiQ8dRAMxkE:N+Zpb8T2x+CvS7QK5x
                                                                                                                                                                                                        MD5:A2B24D40E394C0F946D030F1E0E96449
                                                                                                                                                                                                        SHA1:D19F6740B32FD46985B152FC9F5BE1A9323599EF
                                                                                                                                                                                                        SHA-256:EDAF7D5BE064B55FEC8B7FF7485978AA89371C2A6F16208C3FD788F05D37FE52
                                                                                                                                                                                                        SHA-512:216396E5584ECFB6F5BEB0ACA15A6DB836BE09D9DB8E43C38052BA8B98177FC85F1C9408B87DDB4F09A0E42B47CA3424E66F57DE48898F644A0DAFA84B39D2C7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1552
                                                                                                                                                                                                        Entropy (8bit):5.186308371779243
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:CBc6mGOPDSgJqX7Blu7BW7BhXli/3g/EXOOVyOpzU/OVdEisFJROVyOLJX:0Vg8X7Blu7BW7BhXg3g/EXNiAXaYH1
                                                                                                                                                                                                        MD5:121B6A8B1EB8AC1E00DBADAE6AA64BDB
                                                                                                                                                                                                        SHA1:F673C058A5424B15D373B5A0887C59517988A044
                                                                                                                                                                                                        SHA-256:AA87F20FC3BDF08B632DF62E421C2E98ABC3C9F3565108C81F053D7E875234E4
                                                                                                                                                                                                        SHA-512:8C0EF3527787E686A9DC8D48318E99F429BA8E8CAEDEE4C689A853D78187BFD23A7F9B9939B0440479B9AD23D69E7C790EFF23F19340EBEA7F8F2CE53837C2FE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:@echo off....setlocal....set "DriverInfFile=vacscbkd.inf"..set "DeviceHwId=ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5"..set "DeviceInstId=Root\{aafa5613-1d56-4309-9c3a-c3911d766be5}\0000"....set Mode=....if /i "%1" == "install" set Mode=install..if /i "%1" == "remove" set Mode=remove....if "%Mode%" == "" (.... echo Parameter 1 must be "install" or "remove".. REM pause.. exit /b 1....)....if /i "%PROCESSOR_ARCHITECTURE%" == "x86" (.... set ProcDir=x86....) else if /i "%PROCESSOR_ARCHITECTURE%" == "AMD64" (.... set ProcDir=x64....) else (.... echo Unsupported architechture %PROCESSOR_ARCHITECTURE%.. REM pause.. exit /b 1....)....for /f "tokens=2 delims=[]" %%S in ('ver') do (.... for /f "tokens=2-5 delims=. " %%A in ("%%S") do (.... set /a Ver1=%%A.. set /a Ver2=%%B.. set /a Ver3=%%C.. rem set /a Ver4=%%D.... )....)....set InfFileSfx=....if %Ver1% LEQ 6 set InfFileSfx=6x....for %%F in ("%DriverInfFile%") do set DriverInfFile=%%~nF%InfFileSfx%%%~xF..
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11415
                                                                                                                                                                                                        Entropy (8bit):7.16083998344546
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:qAnS5fRPFJC43ngEw9JPgXkhYCJxobQo21EhqnajTFASwlA:qA87XuLh3JxCQrsl3FA5A
                                                                                                                                                                                                        MD5:5676894C48A102867C178C55BA9FDA67
                                                                                                                                                                                                        SHA1:EE74D4BFA8A9D73261D3FB55D125DE6E3F49AD0F
                                                                                                                                                                                                        SHA-256:74632BF0BE064DE0185FB59718B706108F1AD525CF554D423614E9C74F5CF5DD
                                                                                                                                                                                                        SHA-512:D715A43A417E5C8874641AA1792F31B5918B9A81EAD7C39CC475DF3FAB3F484E20A7E9F7DF93BA7B0B4FBB9C0C507FECB46F8C76CD6A95DA2F39882BFF199AE2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2927
                                                                                                                                                                                                        Entropy (8bit):5.065642316551494
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:fzlvb2Qb2ncb25AMPHwuTHYH9ewl9P8uPtS+iSFEY0dPFi+8PBDx:L8NnhZSkFwPBt
                                                                                                                                                                                                        MD5:33262035005119B64E258A3B28415ADD
                                                                                                                                                                                                        SHA1:FDA3AF6BBAC88CB53C282A916232FD442887084A
                                                                                                                                                                                                        SHA-256:781BC7498AFA165364E09E8F5264B609C15233AFBDC95C413A966212F8D0FC1D
                                                                                                                                                                                                        SHA-512:85CD2EB68DCC51A3A2695C4C122EAE348EED9D6F9251694804C200CD3E1C6944E97E44B37321ABA2E4EED03183A2811396DA99D57B64E3837EE27E5ECCBC5F70
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[Version]....Signature = "$WINDOWS NT$"..Class = MEDIA..Provider = %VendorName%..ClassGUID = {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 04/19/2021, 4.65.0.11554..CatalogFile = vacscbkd.cat........[Manufacturer]....%VendorName% = DevSection, NTx86, NTamd64........[DevSection.NTx86]....%DeviceName% = DevInst, %HardwareId%........[DevSection.NTamd64]....%DeviceName% = DevInst, %HardwareId%........[DevInst.NT]....Include = ks.inf, wdmaudio.inf..Needs = KS.Registration, WDMAUDIO.Registration..CopyFiles = DevInst.DriverModules..AddReg = DevInst.AddReg..AddProperty = DevInst.Properties........;#####################################################################..;..; Services..; ========..;..;#####################################################################........[DevInst.NT.Services]....AddService = %ServiceId%, 0x2, SrvInstSection........[SrvInstSection]....DisplayName = %ServiceName%..ServiceType = %SERVICE_KERNEL_DRIVER%..StartType = %SERVICE_DEMAND_START%..ErrorControl = %
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12070
                                                                                                                                                                                                        Entropy (8bit):7.457999528354426
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:n8qp5UMQVMeKazCKVHGzexo44/VUVFKmqdBC4/C+Q3ISVSWMZMQ3bRg:n+MQJK2CKVjy/VUVFheCGBk7/UMQ3ba
                                                                                                                                                                                                        MD5:FA12FB4E8459A07B36C5A95FD167D077
                                                                                                                                                                                                        SHA1:99E0B4900057767ED7FFA71A082D8D3AE22AA3F3
                                                                                                                                                                                                        SHA-256:176FF202131A269A36EDCA62C2F1DAEC1DB8BBA1EC3F480572B48D6434A12727
                                                                                                                                                                                                        SHA-512:BA97E1805D05C23DA4A4AC88995D9F7DC0018D5B7289B040FA1B5F7A43CB89A4F62EFBBD81037078F86BE843C71CCE3C4DCA0B701680156885F7D42E096E3BFD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2929
                                                                                                                                                                                                        Entropy (8bit):5.0674748908058245
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:fzlhb2Qb2ncb25AMPHwuTHYH9ewl9P8uPtS+iSFEY0dPFi+8PBDx:LmNnhZSkFwPBt
                                                                                                                                                                                                        MD5:D07F07C26859DAB89970D4AD96D3F108
                                                                                                                                                                                                        SHA1:C148FB9665086B8C405AE552C8A475D35B62CBEA
                                                                                                                                                                                                        SHA-256:8B8A375ED4FEE5F3BB2CC42543409A0ACC6DDFB8FD5A1EF8F235442D54ABDD13
                                                                                                                                                                                                        SHA-512:7EAD667ECC295857988F0192ED30904A5CBFBF5180742E54F3DB890CF7903379D11FE3FCB2718908A6948B94D6D3BA5FF8B6F917190A699CD6A3C963C1857E3C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[Version]....Signature = "$WINDOWS NT$"..Class = MEDIA..Provider = %VendorName%..ClassGUID = {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 04/19/2021, 4.65.0.11554..CatalogFile = vacscbkd6x.cat........[Manufacturer]....%VendorName% = DevSection, NTx86, NTamd64........[DevSection.NTx86]....%DeviceName% = DevInst, %HardwareId%........[DevSection.NTamd64]....%DeviceName% = DevInst, %HardwareId%........[DevInst.NT]....Include = ks.inf, wdmaudio.inf..Needs = KS.Registration, WDMAUDIO.Registration..CopyFiles = DevInst.DriverModules..AddReg = DevInst.AddReg..AddProperty = DevInst.Properties........;#####################################################################..;..; Services..; ========..;..;#####################################################################........[DevInst.NT.Services]....AddService = %ServiceId%, 0x2, SrvInstSection........[SrvInstSection]....DisplayName = %ServiceName%..ServiceType = %SERVICE_KERNEL_DRIVER%..StartType = %SERVICE_DEMAND_START%..ErrorControl =
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):171544
                                                                                                                                                                                                        Entropy (8bit):5.144201025595193
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:nuQ0x55l3sW/GuUCxgJ4Ij+5I4sHFOZTDDaDVXx+ECq:nSxbZuQgulC4sHFOaXx
                                                                                                                                                                                                        MD5:AD9BFFA5A4628861E3F26AC346CD48A9
                                                                                                                                                                                                        SHA1:8556B7C3A15AE76D7264E3CF07910BD20EF1E80C
                                                                                                                                                                                                        SHA-256:349337C2B77F987F54461D9980BA06495DB1451D47B2C756A3A03BA6D31411FB
                                                                                                                                                                                                        SHA-512:E9AC2AF35EBD4CA5DD118ED9616A5344A715AF216E3ECDFF41D93D13B194C77E0925AD233F6B14C3642124BE53C8C7B9B292ABB3F87A7A8464D20CE73D9C3E13
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):222072
                                                                                                                                                                                                        Entropy (8bit):5.804502367233001
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:YB1m2wrx1VKY72mPKO0x/icVbbOnRhTjuax+KU0jIruawI906bLqhg:ym2ORPKUcVWnHqnKUdhwIutg
                                                                                                                                                                                                        MD5:79F9861A0DF7104FEEF268498E811713
                                                                                                                                                                                                        SHA1:A811773C25D920E6BF7B3CDECB895C99D0612C54
                                                                                                                                                                                                        SHA-256:78936EE611D9DE99D96711E23A736C2F5FF8D82B9044C7B50F416BC599DF35E6
                                                                                                                                                                                                        SHA-512:22AFF07D8B267E2071BED597E542F6777B232877D28F1E27C26A0007CD12EEB5CF0D5A05865B49551E980295DB7D049FA2244C23DF5FB5CB6ABCABD3A6314963
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):153624
                                                                                                                                                                                                        Entropy (8bit):5.25201729531026
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:o1kBmhlHK7tYi3v5cfLWEbp9FzeF+7xegoHq:HBcJs/+zA+7xv
                                                                                                                                                                                                        MD5:92544DA55C0757D9D744D4A08C050326
                                                                                                                                                                                                        SHA1:2EDDACBC3D0C148141D969EB1522D84BF0543E36
                                                                                                                                                                                                        SHA-256:7A37866D3907B636D9526414F2BE2A800DDAA21B8829BFE7BEA549473E421B54
                                                                                                                                                                                                        SHA-512:667139084EB90F8AA35B127F7BD9095E2031EA37B7B134333F5ACEA437724C9303C8A519562C4FE01836857BEF95949E524F16C282FCF61EA00B66644B237F25
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):190328
                                                                                                                                                                                                        Entropy (8bit):5.902831736440124
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:rSTpXKD1n5ezPlXUw7MZMQ+xonXSukakW+HhvqtJ:Pn5e5kMMfLnXSukaNJ
                                                                                                                                                                                                        MD5:09045E437761DA7330051D73ACE4A50B
                                                                                                                                                                                                        SHA1:393370AE29298BC008FFADDB2BF98A6A63BACAAC
                                                                                                                                                                                                        SHA-256:CCC8EA107515C0EBA76AC2B9ECAF68F85E19E6D825C946F723A12224802B38BB
                                                                                                                                                                                                        SHA-512:552B70CE7FFD85E41FFE50CCCE323D91A0B25BFE9A5CDC6A6CA60965FF1D21BDA7C3979D29CD0EAEE7CB1BE34366687F89B2A1B4A279CD62BE635172557C8AE3
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):30320
                                                                                                                                                                                                        Entropy (8bit):5.90570007486787
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:lHa22nq7FZhYCb1FbHr3yV6x8MObXjhrI8oLbzsFA0/GDGwDbh:xaZn+ZhN1RHuVmGubzs2DGsbh
                                                                                                                                                                                                        MD5:13D95C331BCFB3F6D7CC24229E5A5AEE
                                                                                                                                                                                                        SHA1:8E2FF63978F745E4365E4A6BF510F0494CD8D173
                                                                                                                                                                                                        SHA-256:AEB7EE052321C77A78132B2D74C58EA8E9AE3651C40939D998DB95FABE56255A
                                                                                                                                                                                                        SHA-512:8BBA05E7FE33435E2267537B6129EAF1ED2E6B2E4AD2F8FB9D5F124481C9F6DB1A4D5D31E851E0F6216913F4CE5815EB16284CA03E27116826A0C39006514B02
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):30832
                                                                                                                                                                                                        Entropy (8bit):6.201578076414463
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:1gf2tTNqOvDzfnAGEAToFnDSy5NyuVEAsQNxd+A0/GDGwFFBh:1/zfnAGEwo9+ybEAsebDGGh
                                                                                                                                                                                                        MD5:0F01442195D5273B6EC07EBD4930E234
                                                                                                                                                                                                        SHA1:B527CF7281903B61F2933885A11C4FCFDE1F73D6
                                                                                                                                                                                                        SHA-256:103FB48D168E992EDA3BADD679167DCCE4A95F0380505169CCE313006CF547FE
                                                                                                                                                                                                        SHA-512:9647E8971D59F4127807560793BC58EEEC882C99BB1E96EE12AA8AB8F844B9E4669ECE866C433F27D9617237A0ACB5BB6A52BDF26C9E5FEE6DCD097B908D91B1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2615
                                                                                                                                                                                                        Entropy (8bit):2.6120752303469525
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:8aRj67Nj75XC+hbm+jO6+M/C+htwsdSyq3+M/C+htwcwtrqUZsZS4tEdN4W/C+hO:8I27NH95jdLksdSv5LkcMr5uZSzSWLk
                                                                                                                                                                                                        MD5:FB0DF41B8E0F63D1EF36863ADB368005
                                                                                                                                                                                                        SHA1:BCD7C84823DF80ACF57793FAAB00C2193E23C6D3
                                                                                                                                                                                                        SHA-256:EBC8272A89FDC97494EB24E657FD888555BC81529430B2710F87E7BEBD7CC87B
                                                                                                                                                                                                        SHA-512:68070885FB2330C50D588CD824CE124C212133A1190FE80CA2A2F5C4A6B00C4D114891999352A82D142C838CCC11D45934CD18DE83D36BAB25C9E5C3BEDF5FFC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:L..................F.P...........................................................P.O. .:i.....+00.../C:\...................V.1.....DWO`..Windows.@......OwH.W......3....................../H.W.i.n.d.o.w.s.....\.1......WL...Installer.D......O.I.WL...........................P.5.I.n.s.t.a.l.l.e.r.......1......WP...{9C551~1..~......WP..WP......G.....................M.{.9.C.5.5.1.A.8.3.-.C.7.F.C.-.4.0.8.C.-.9.6.B.E.-.A.F.9.3.3.D.B.A.D.6.5.B.}.....j.2.>B...WP.!.SCREEN~1.EXE..N......WP..WP......G.....................M.S.c.r.e.e.n.B.e.a.m...e.x.e.........S.c.r.e.e.n.B.e.a.m. .C.o.n.f.e.r.e.n.c.e...e.x.e.\.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.9.C.5.5.1.A.8.3.-.C.7.F.C.-.4.0.8.C.-.9.6.B.E.-.A.F.9.3.3.D.B.A.D.6.5.B.}.\.S.c.r.e.e.n.B.e.a.m...e.x.e.+.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.c.r.e.e.n.B.e.a.m.\.C.o.n.f.e.r.e.n.c.e.\.a.p.p.\.J.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.9.C.5.5.1.A.8.3.-.C.7.F.C.-.4.0.8.C.-.9.6.B.E.-.A.F.9.3.3.D.B.A.D.6.5
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):651
                                                                                                                                                                                                        Entropy (8bit):5.348956889965525
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6KhaOK9eDLI4MNOK9XGK9yiv:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoM
                                                                                                                                                                                                        MD5:7CFF259EE7A28D8B8BA9D28BE3288747
                                                                                                                                                                                                        SHA1:89023672C346B4101410DF25D4CB42BD3FB38285
                                                                                                                                                                                                        SHA-256:D6EE41ADE037CF4F71E67C00CC8A98EA5BD5A6E3370CD36093EBA31DCE7B421A
                                                                                                                                                                                                        SHA-512:34224680DE9604686778FC1B4C3DAF83A47A248F6431E1BDA97F753043D760B701F8A5BB8BE0AA9FE16995C75410FC3336CE5E4A88F47EE6DFB9344912C1F0CA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):42
                                                                                                                                                                                                        Entropy (8bit):4.0050635535766075
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                                                                                                        MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                                                                                                        SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                                                                                                        SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                                                                                                        SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):42
                                                                                                                                                                                                        Entropy (8bit):4.0050635535766075
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                                                                                                        MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                                                                                                        SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                                                                                                        SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                                                                                                        SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):726848
                                                                                                                                                                                                        Entropy (8bit):6.4584085143991095
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:ogaGWXLiDt5i+jfNIQTVhQNvj3jAszYzGLwQq63Trzzt5O0Qn2enGCeoa:FrBT6vj3cszYO5O0Qn2oGCeoa
                                                                                                                                                                                                        MD5:9863AD412FA5529D5A712EF228AC6E2B
                                                                                                                                                                                                        SHA1:BDA741FD705277C29379B01100A162E922F76583
                                                                                                                                                                                                        SHA-256:502CCBE31FE0F984A2FA0610EE6385A3E478CD866E19208E229B6EF8FCFB2934
                                                                                                                                                                                                        SHA-512:8F64B1AC2423EB6EBBD2853A985711C030F54279599382B3CBC3DE4EBB90A98A0273172A85D65E5E78CAE419E928FB787715EA9F2C8285662C89B25D6B584CB0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                        Entropy (8bit):4.842865825224654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                        MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                        SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                        SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                        SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1493
                                                                                                                                                                                                        Entropy (8bit):4.732294656481805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                        MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                        SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                        SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                        SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28784
                                                                                                                                                                                                        Entropy (8bit):6.08346118574361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                        MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                        SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                        SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):701992
                                                                                                                                                                                                        Entropy (8bit):5.940787194132384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                        MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                        SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                        SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                        SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34984
                                                                                                                                                                                                        Entropy (8bit):6.000650459314047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                        MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                        SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                        SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):602432
                                                                                                                                                                                                        Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                        MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                        SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                        SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                        SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):602432
                                                                                                                                                                                                        Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                        MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                        SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                        SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                        SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):726848
                                                                                                                                                                                                        Entropy (8bit):6.4584085143991095
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:ogaGWXLiDt5i+jfNIQTVhQNvj3jAszYzGLwQq63Trzzt5O0Qn2enGCeoa:FrBT6vj3cszYO5O0Qn2oGCeoa
                                                                                                                                                                                                        MD5:9863AD412FA5529D5A712EF228AC6E2B
                                                                                                                                                                                                        SHA1:BDA741FD705277C29379B01100A162E922F76583
                                                                                                                                                                                                        SHA-256:502CCBE31FE0F984A2FA0610EE6385A3E478CD866E19208E229B6EF8FCFB2934
                                                                                                                                                                                                        SHA-512:8F64B1AC2423EB6EBBD2853A985711C030F54279599382B3CBC3DE4EBB90A98A0273172A85D65E5E78CAE419E928FB787715EA9F2C8285662C89B25D6B584CB0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                        Entropy (8bit):4.842865825224654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                        MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                        SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                        SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                        SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1493
                                                                                                                                                                                                        Entropy (8bit):4.732294656481805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                        MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                        SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                        SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                        SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28784
                                                                                                                                                                                                        Entropy (8bit):6.08346118574361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                        MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                        SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                        SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):701992
                                                                                                                                                                                                        Entropy (8bit):5.940787194132384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                        MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                        SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                        SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                        SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34984
                                                                                                                                                                                                        Entropy (8bit):6.000650459314047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                        MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                        SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                        SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1126208
                                                                                                                                                                                                        Entropy (8bit):6.47547142761303
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:tBbmgYewSBprKpygTqkg0z/f2sbQEiwiUt52wD5YqQc3w0RZqTkqMUM0zVQZo:tBflKp/Dz/f2sbQEidUt52Q5hz3w0RZI
                                                                                                                                                                                                        MD5:821A9095657D59C7CD66C28B3FD50ACE
                                                                                                                                                                                                        SHA1:AEF8A82D7D3DF689AF403BD0CCAB7ED04EC77609
                                                                                                                                                                                                        SHA-256:D5411A4C65860343B846D5503686181D3487CC324FC0562B4E5F3CD1662B80FE
                                                                                                                                                                                                        SHA-512:A885068D950307F1ABCF08DF41D3476174F02641105707EF3B81515D84F0F305DE84F6EA900421D250011EBFD4F3AFC1498CC4F3B14040E536CCB27FF6214C06
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):602432
                                                                                                                                                                                                        Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                        MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                        SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                        SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                        SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):602432
                                                                                                                                                                                                        Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                        MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                        SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                        SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                        SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                        Entropy (8bit):4.842865825224654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                        MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                        SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                        SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                        SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1493
                                                                                                                                                                                                        Entropy (8bit):4.732294656481805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                        MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                        SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                        SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                        SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28784
                                                                                                                                                                                                        Entropy (8bit):6.08346118574361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                        MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                        SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                        SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):701992
                                                                                                                                                                                                        Entropy (8bit):5.940787194132384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                        MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                        SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                        SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                        SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34984
                                                                                                                                                                                                        Entropy (8bit):6.000650459314047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                        MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                        SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                        SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                        Entropy (8bit):4.842865825224654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                        MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                        SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                        SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                        SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1493
                                                                                                                                                                                                        Entropy (8bit):4.732294656481805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                        MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                        SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                        SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                        SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28784
                                                                                                                                                                                                        Entropy (8bit):6.08346118574361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                        MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                        SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                        SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):701992
                                                                                                                                                                                                        Entropy (8bit):5.940787194132384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                        MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                        SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                        SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                        SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34984
                                                                                                                                                                                                        Entropy (8bit):6.000650459314047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                        MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                        SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                        SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                        Entropy (8bit):4.842865825224654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                        MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                        SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                        SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                        SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1493
                                                                                                                                                                                                        Entropy (8bit):4.732294656481805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                        MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                        SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                        SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                        SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28784
                                                                                                                                                                                                        Entropy (8bit):6.08346118574361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                        MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                        SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                        SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):701992
                                                                                                                                                                                                        Entropy (8bit):5.940787194132384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                        MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                        SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                        SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                        SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34984
                                                                                                                                                                                                        Entropy (8bit):6.000650459314047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                        MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                        SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                        SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):726848
                                                                                                                                                                                                        Entropy (8bit):6.4584085143991095
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:ogaGWXLiDt5i+jfNIQTVhQNvj3jAszYzGLwQq63Trzzt5O0Qn2enGCeoa:FrBT6vj3cszYO5O0Qn2oGCeoa
                                                                                                                                                                                                        MD5:9863AD412FA5529D5A712EF228AC6E2B
                                                                                                                                                                                                        SHA1:BDA741FD705277C29379B01100A162E922F76583
                                                                                                                                                                                                        SHA-256:502CCBE31FE0F984A2FA0610EE6385A3E478CD866E19208E229B6EF8FCFB2934
                                                                                                                                                                                                        SHA-512:8F64B1AC2423EB6EBBD2853A985711C030F54279599382B3CBC3DE4EBB90A98A0273172A85D65E5E78CAE419E928FB787715EA9F2C8285662C89B25D6B584CB0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):80800
                                                                                                                                                                                                        Entropy (8bit):6.781496286846518
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:FRk1rh/be3Z1bij+8xG+sQxzQF50I9VSHIecbWZOUXYOe0/zuvY:FRk/+Z1z8s+s+QrTmIecbWIA7//gY
                                                                                                                                                                                                        MD5:1E6E97D60D411A2DEE8964D3D05ADB15
                                                                                                                                                                                                        SHA1:0A2FE6EC6B6675C44998C282DBB1CD8787612FAF
                                                                                                                                                                                                        SHA-256:8598940E498271B542F2C04998626AA680F2172D0FF4F8DBD4FFEC1A196540F9
                                                                                                                                                                                                        SHA-512:3F7D79079C57786051A2F7FACFB1046188049E831F12B549609A8F152664678EE35AD54D1FFF4447428B6F76BEA1C7CA88FA96AAB395A560C6EC598344FCC7FA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):80800
                                                                                                                                                                                                        Entropy (8bit):6.781496286846518
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:FRk1rh/be3Z1bij+8xG+sQxzQF50I9VSHIecbWZOUXYOe0/zuvY:FRk/+Z1z8s+s+QrTmIecbWIA7//gY
                                                                                                                                                                                                        MD5:1E6E97D60D411A2DEE8964D3D05ADB15
                                                                                                                                                                                                        SHA1:0A2FE6EC6B6675C44998C282DBB1CD8787612FAF
                                                                                                                                                                                                        SHA-256:8598940E498271B542F2C04998626AA680F2172D0FF4F8DBD4FFEC1A196540F9
                                                                                                                                                                                                        SHA-512:3F7D79079C57786051A2F7FACFB1046188049E831F12B549609A8F152664678EE35AD54D1FFF4447428B6F76BEA1C7CA88FA96AAB395A560C6EC598344FCC7FA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):440144
                                                                                                                                                                                                        Entropy (8bit):6.586214016423998
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:tbiQnSDqYisDEiD3jbTFiuiSiO+kP53nUNlQK:tbvnSDqJsDEiD3PTFTFiS53UNWK
                                                                                                                                                                                                        MD5:C56ED5776A11DFD94CDDD9A512B39E3C
                                                                                                                                                                                                        SHA1:147339B7E75B9A32601BB04A5A597A7F81DDB201
                                                                                                                                                                                                        SHA-256:ABF6C7C0E77D4CAD109B9B7A2CEFF9E2066C4B0A6A8730AECED89D9A9B7E8CC4
                                                                                                                                                                                                        SHA-512:FC214684D608D4DBC643C256516E65793399BDF8798940D68B32CD8F84F265C3AC5DDD3E5AC4C8CD1866D0C130F2AA0FAEA39592414D1002642D83A16DF06A19
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {F451DF01-DEEE-4799-9D74-C13F54F5C275}, Number of Words: 2, Subject: ScreenBeam Conference, Author: ScreenBeam Inc., Name of Creating Application: ScreenBeam Conference, Template: x64;1033, Comments: ScreenBeam Conference Installer, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Nov 21 03:04:58 2023, Number of Pages: 200
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):102197248
                                                                                                                                                                                                        Entropy (8bit):7.970392187750961
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3145728:9De0/dkW7EDe0/GjVLME6DzmcfbQVmHtNSj9:9De0OWgDe08ITfbQVm/Sj
                                                                                                                                                                                                        MD5:80744017CD0EDE4BC3C925568C88FAC5
                                                                                                                                                                                                        SHA1:8B9BFCA894FD934C37E3B5AC237956A36AC1CF69
                                                                                                                                                                                                        SHA-256:3C1B3C446DBACA7916FE7A8294637D831047891DE5163BB53D3CA776A37E220E
                                                                                                                                                                                                        SHA-512:9055DC051D711F13036F240AF5AE3CE48A309A0C154BF0DE93B5D0EFA90DC6A43478CA88A12741E0625D407C68264E2C5BCD5909E2A902BDAE735650EDB7E9A7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):602432
                                                                                                                                                                                                        Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                        MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                        SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                        SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                        SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):602432
                                                                                                                                                                                                        Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                        MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                        SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                        SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                        SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):726848
                                                                                                                                                                                                        Entropy (8bit):6.4584085143991095
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:ogaGWXLiDt5i+jfNIQTVhQNvj3jAszYzGLwQq63Trzzt5O0Qn2enGCeoa:FrBT6vj3cszYO5O0Qn2oGCeoa
                                                                                                                                                                                                        MD5:9863AD412FA5529D5A712EF228AC6E2B
                                                                                                                                                                                                        SHA1:BDA741FD705277C29379B01100A162E922F76583
                                                                                                                                                                                                        SHA-256:502CCBE31FE0F984A2FA0610EE6385A3E478CD866E19208E229B6EF8FCFB2934
                                                                                                                                                                                                        SHA-512:8F64B1AC2423EB6EBBD2853A985711C030F54279599382B3CBC3DE4EBB90A98A0273172A85D65E5E78CAE419E928FB787715EA9F2C8285662C89B25D6B584CB0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                        Entropy (8bit):4.842865825224654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                        MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                        SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                        SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                        SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1493
                                                                                                                                                                                                        Entropy (8bit):4.732294656481805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                        MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                        SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                        SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                        SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28784
                                                                                                                                                                                                        Entropy (8bit):6.08346118574361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                        MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                        SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                        SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):701992
                                                                                                                                                                                                        Entropy (8bit):5.940787194132384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                        MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                        SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                        SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                        SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34984
                                                                                                                                                                                                        Entropy (8bit):6.000650459314047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                        MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                        SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                        SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):602432
                                                                                                                                                                                                        Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                        MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                        SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                        SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                        SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                        Entropy (8bit):4.842865825224654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                        MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                        SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                        SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                        SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1493
                                                                                                                                                                                                        Entropy (8bit):4.732294656481805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                        MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                        SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                        SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                        SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28784
                                                                                                                                                                                                        Entropy (8bit):6.08346118574361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                        MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                        SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                        SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):701992
                                                                                                                                                                                                        Entropy (8bit):5.940787194132384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                        MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                        SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                        SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                        SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34984
                                                                                                                                                                                                        Entropy (8bit):6.000650459314047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                        MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                        SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                        SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):602432
                                                                                                                                                                                                        Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                        MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                        SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                        SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                        SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):602432
                                                                                                                                                                                                        Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                        MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                        SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                        SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                        SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                        Entropy (8bit):4.842865825224654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                        MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                        SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                        SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                        SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1493
                                                                                                                                                                                                        Entropy (8bit):4.732294656481805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                        MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                        SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                        SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                        SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28784
                                                                                                                                                                                                        Entropy (8bit):6.08346118574361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                        MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                        SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                        SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):701992
                                                                                                                                                                                                        Entropy (8bit):5.940787194132384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                        MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                        SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                        SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                        SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34984
                                                                                                                                                                                                        Entropy (8bit):6.000650459314047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                        MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                        SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                        SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                        Entropy (8bit):4.842865825224654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                        MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                        SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                        SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                        SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1493
                                                                                                                                                                                                        Entropy (8bit):4.732294656481805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                        MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                        SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                        SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                        SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28784
                                                                                                                                                                                                        Entropy (8bit):6.08346118574361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                        MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                        SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                        SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):701992
                                                                                                                                                                                                        Entropy (8bit):5.940787194132384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                        MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                        SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                        SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                        SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34984
                                                                                                                                                                                                        Entropy (8bit):6.000650459314047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                        MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                        SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                        SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                        Entropy (8bit):4.842865825224654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                        MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                        SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                        SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                        SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1493
                                                                                                                                                                                                        Entropy (8bit):4.732294656481805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                        MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                        SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                        SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                        SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28784
                                                                                                                                                                                                        Entropy (8bit):6.08346118574361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                        MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                        SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                        SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):701992
                                                                                                                                                                                                        Entropy (8bit):5.940787194132384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                        MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                        SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                        SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                        SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34984
                                                                                                                                                                                                        Entropy (8bit):6.000650459314047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                        MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                        SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                        SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):602432
                                                                                                                                                                                                        Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                        MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                        SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                        SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                        SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):803131
                                                                                                                                                                                                        Entropy (8bit):6.548649086243216
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:Orx4xC95xMMFd8JUSWRAIUcoN4xC95xMMFd8JUSWRAIUcoZ:YeC95xMicwCIUcoNeC95xMicwCIUcoZ
                                                                                                                                                                                                        MD5:F2F93F9D8F52F3C6BB7465D1C0430D6E
                                                                                                                                                                                                        SHA1:E70FCC82CC1F3E36F443181EB38E95475B53718D
                                                                                                                                                                                                        SHA-256:95C39A077BB9752896867123DC007AF84F0787621DD98517886B5591B7A5E634
                                                                                                                                                                                                        SHA-512:B8D3B7B6890F65B4B0D2491EA9644DFD09BE5BFBA77F1F23BEE5903A11B3700EB8A9FC1B67F2EC52D4BE033714BC68834C10417B976DE0D502A67C82A2D4FD62
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...@IXOS.@.....@J&.W.@.....@.....@.....@.....@.....@......&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}..ScreenBeam Conference!.ScreenBeam_Conference_Windows.msi.@.....@.....@.....@......ScreenBeam.exe..&.{F451DF01-DEEE-4799-9D74-C13F54F5C275}.....@.....@.....@.....@.......@.....@.....@.......@......ScreenBeam Conference......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{7199D981-9853-484B-8139-2C2B34F1FA2A}'.C:\Program Files\ScreenBeam\Conference\.@.......@.....@.....@......&.{EC32DB67-553E-42DB-8AB0-D93C26D64C7E}:.22:\Software\ScreenBeam Inc.\ScreenBeam Conference\Version.@.......@.....@.....@......&.{85245CA4-064E-4C9A-A44A-343774C760F3}9.C:\Program Files\ScreenBeam\Conference\app\ControlzEx.dll.@.......@.....@.....@......&.{041A7DD2-445F-4C98-9186-26507D7F21CB}9.C:\Program Files\ScreenBeam\Conference\app\ControlzEx.xml.@.......@.....@.....@......&.{842B369E
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                        Entropy (8bit):4.842865825224654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                        MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                        SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                        SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                        SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1493
                                                                                                                                                                                                        Entropy (8bit):4.732294656481805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                        MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                        SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                        SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                        SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28784
                                                                                                                                                                                                        Entropy (8bit):6.08346118574361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                        MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                        SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                        SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):701992
                                                                                                                                                                                                        Entropy (8bit):5.940787194132384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                        MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                        SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                        SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                        SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34984
                                                                                                                                                                                                        Entropy (8bit):6.000650459314047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                        MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                        SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                        SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                        Entropy (8bit):4.842865825224654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                        MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                        SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                        SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                        SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1493
                                                                                                                                                                                                        Entropy (8bit):4.732294656481805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                        MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                        SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                        SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                        SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28784
                                                                                                                                                                                                        Entropy (8bit):6.08346118574361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                        MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                        SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                        SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):701992
                                                                                                                                                                                                        Entropy (8bit):5.940787194132384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                        MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                        SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                        SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                        SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34984
                                                                                                                                                                                                        Entropy (8bit):6.000650459314047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                        MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                        SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                        SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):353600
                                                                                                                                                                                                        Entropy (8bit):6.524155130898608
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:/4xsB95xMzgFkesmW1XAOKoUSUU++VWRAItCcoL:/4xC95xMMFd8JUSWRAIUcoL
                                                                                                                                                                                                        MD5:BE89B6F7002085A772991D0A12F74750
                                                                                                                                                                                                        SHA1:F80538233AC4B4E72E945683FB4DBC3B30115F51
                                                                                                                                                                                                        SHA-256:FBA201FCA51358E2CF0368CEF6DF81D593F48581B85A97E29CEB9F64BE0172EB
                                                                                                                                                                                                        SHA-512:4D0D5DAAE8EA2389F92B795AF0FFCB413504BF829D3ED593CD164100251A7BE3D14483C32A7721ED68F6BA2F8D46D1A2CAF3B72C60A2146E7BAC12AED159469B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                        Size (bytes):532727
                                                                                                                                                                                                        Entropy (8bit):7.23935922435014
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                        MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                        SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                        SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                        SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):353600
                                                                                                                                                                                                        Entropy (8bit):6.524155130898608
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:/4xsB95xMzgFkesmW1XAOKoUSUU++VWRAItCcoL:/4xC95xMMFd8JUSWRAIUcoL
                                                                                                                                                                                                        MD5:BE89B6F7002085A772991D0A12F74750
                                                                                                                                                                                                        SHA1:F80538233AC4B4E72E945683FB4DBC3B30115F51
                                                                                                                                                                                                        SHA-256:FBA201FCA51358E2CF0368CEF6DF81D593F48581B85A97E29CEB9F64BE0172EB
                                                                                                                                                                                                        SHA-512:4D0D5DAAE8EA2389F92B795AF0FFCB413504BF829D3ED593CD164100251A7BE3D14483C32A7721ED68F6BA2F8D46D1A2CAF3B72C60A2146E7BAC12AED159469B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):1.1738534784138652
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:JSbX72FjjiAGiLIlHVRpUh/7777777777777777777777777vDHFIHDTp/Xl0i8Q:J4QI5Ee6F
                                                                                                                                                                                                        MD5:1F15FFCCFFFE7B9E8CABB8585C3886E9
                                                                                                                                                                                                        SHA1:272FE02786A90E9E7A2CDE47EFE91297FE5F4A75
                                                                                                                                                                                                        SHA-256:DB441347E478ADFC9F99722A36C5DEF791771BACB6B8499F1DF71037ABE1D867
                                                                                                                                                                                                        SHA-512:06E035A3A3B1EE13DCE100D1F39B5881644A99C2244BABA98B021A149965C8D5E49DC14055156483DFB175D76FDDA1F97B87C27853A8A86DF84F1F5923B7BD89
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):1.8350136221430584
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:j8PhpuRc06WXJyFT5t5IeIFRdSwAEkrCyuGpeSkdSyHHltCMoeojQZCQZBt8xzM6:Khp1pFTTSFORC7zn3GaCaQZa5+vRCUW
                                                                                                                                                                                                        MD5:74BEC627EDF121BD22658761489E0EF9
                                                                                                                                                                                                        SHA1:7689EBC7C2B974891DB906A618516754DC701563
                                                                                                                                                                                                        SHA-256:C575BB0C532E6CA29DB77CBF92947004E797FD2054F34D9DFC107C9BD0B5F8BA
                                                                                                                                                                                                        SHA-512:261C136ED45FAEAB5293AD104A96F7B5BEB6DD9A649D0F55FD5ADBC77840BDA04EB891CA92E4CDEF68E38D327C8D8A6F49EE7A49D91681A786E9BFF3D1A2FEBE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16958
                                                                                                                                                                                                        Entropy (8bit):2.3402736777188395
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:a+Ngz9wjTeE7144BQ2DFFnEbHIcXExGErQa2Nvv4wG:acgz9qaE7144BQ2DPEzEMErQaAX4L
                                                                                                                                                                                                        MD5:D75CA2815FA84BC36C36D18B6AD9048F
                                                                                                                                                                                                        SHA1:5353AE1430AC909C25484047713712520C3A2AE2
                                                                                                                                                                                                        SHA-256:3B156EDE48A466BDEC4FF5F230B2841899DF2B0A4ED7A645CFF72F7DC3CBC318
                                                                                                                                                                                                        SHA-512:008A5D9B83143AC59ECF5CC2654C2597199052B0876225CF32102188F192DC7CAA87F3D7DC76E03C76AB682884198DD6A5CC3DC3AF6993DD9A7C47AB85832496
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):432221
                                                                                                                                                                                                        Entropy (8bit):5.37517414918415
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauG:zTtbmkExhMJCIpErP
                                                                                                                                                                                                        MD5:8FEB666E22D89BAC438CB0FCA215A719
                                                                                                                                                                                                        SHA1:695BB128780A708F8140DF638401F929B2B79F8C
                                                                                                                                                                                                        SHA-256:29C1820F70232DA86E0EECB3CA3454BA78F48B5E543A9A81312500D60241A7CF
                                                                                                                                                                                                        SHA-512:71B121A4E34400C28285C03BEA18DCBDD0176D5768D9FE0722D3D5EFCD40E13BEF66186B764374B856CF2254191560F746459B41E1D068F5F3C664A9832E4CD0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):1.450084485422809
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:tSRuGM+CFXJDT55Ux5IeIFRdSwAEkrCyuGpeSkdSyHHltCMoeojQZCQZBt8xzMmd:0RGbT3gSFORC7zn3GaCaQZa5+vRCUW
                                                                                                                                                                                                        MD5:F48E93FBAD0DC2B8FBB999A842016308
                                                                                                                                                                                                        SHA1:6F80E6026BCF9203FF9C4EF13F1087F4EF385556
                                                                                                                                                                                                        SHA-256:A976DE26A43B1BA643357D812093FA91B36BC2A7623E2792EEF1BC982DC299D8
                                                                                                                                                                                                        SHA-512:60F3F43BA00C4BC1F74A5AE549A41DBBD13899C8B71050D156965A58F4ABAFD1BEBDC5E38B1FC4613C3B4B636E9B8056A2A4771CDDB15624F8C8244B65562B38
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):1.450084485422809
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:tSRuGM+CFXJDT55Ux5IeIFRdSwAEkrCyuGpeSkdSyHHltCMoeojQZCQZBt8xzMmd:0RGbT3gSFORC7zn3GaCaQZa5+vRCUW
                                                                                                                                                                                                        MD5:F48E93FBAD0DC2B8FBB999A842016308
                                                                                                                                                                                                        SHA1:6F80E6026BCF9203FF9C4EF13F1087F4EF385556
                                                                                                                                                                                                        SHA-256:A976DE26A43B1BA643357D812093FA91B36BC2A7623E2792EEF1BC982DC299D8
                                                                                                                                                                                                        SHA-512:60F3F43BA00C4BC1F74A5AE549A41DBBD13899C8B71050D156965A58F4ABAFD1BEBDC5E38B1FC4613C3B4B636E9B8056A2A4771CDDB15624F8C8244B65562B38
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):1.8350136221430584
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:j8PhpuRc06WXJyFT5t5IeIFRdSwAEkrCyuGpeSkdSyHHltCMoeojQZCQZBt8xzM6:Khp1pFTTSFORC7zn3GaCaQZa5+vRCUW
                                                                                                                                                                                                        MD5:74BEC627EDF121BD22658761489E0EF9
                                                                                                                                                                                                        SHA1:7689EBC7C2B974891DB906A618516754DC701563
                                                                                                                                                                                                        SHA-256:C575BB0C532E6CA29DB77CBF92947004E797FD2054F34D9DFC107C9BD0B5F8BA
                                                                                                                                                                                                        SHA-512:261C136ED45FAEAB5293AD104A96F7B5BEB6DD9A649D0F55FD5ADBC77840BDA04EB891CA92E4CDEF68E38D327C8D8A6F49EE7A49D91681A786E9BFF3D1A2FEBE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):1.450084485422809
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:tSRuGM+CFXJDT55Ux5IeIFRdSwAEkrCyuGpeSkdSyHHltCMoeojQZCQZBt8xzMmd:0RGbT3gSFORC7zn3GaCaQZa5+vRCUW
                                                                                                                                                                                                        MD5:F48E93FBAD0DC2B8FBB999A842016308
                                                                                                                                                                                                        SHA1:6F80E6026BCF9203FF9C4EF13F1087F4EF385556
                                                                                                                                                                                                        SHA-256:A976DE26A43B1BA643357D812093FA91B36BC2A7623E2792EEF1BC982DC299D8
                                                                                                                                                                                                        SHA-512:60F3F43BA00C4BC1F74A5AE549A41DBBD13899C8B71050D156965A58F4ABAFD1BEBDC5E38B1FC4613C3B4B636E9B8056A2A4771CDDB15624F8C8244B65562B38
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):73728
                                                                                                                                                                                                        Entropy (8bit):0.23911906147083697
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:wIu2mzrdSwAEkrCyuCSkdSzdSwAEkrCyuGpeSkdSyHHltCMoeojQZCQZBt8xzMmb:bRRCU7RC7zn3GaCaQZa5+g4d
                                                                                                                                                                                                        MD5:C5B1EADAB4DA54727E9A41BE8229B3AD
                                                                                                                                                                                                        SHA1:ACAD322513EE000FC47B671791F256529D7E59EB
                                                                                                                                                                                                        SHA-256:D013820A001C2DE25EA13A62C7EE81E055E4D7C2929AF9910FDA506F6332D5F7
                                                                                                                                                                                                        SHA-512:A71B67D7ED4DA9F792BBD3C165F9454877B8468E50EC35601EEB2958A3EC2DE59F29894BBB29D0A710C53393DF6E6331A1C4D15DA01EB5285487F9FDACDCDC65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):1.8350136221430584
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:j8PhpuRc06WXJyFT5t5IeIFRdSwAEkrCyuGpeSkdSyHHltCMoeojQZCQZBt8xzM6:Khp1pFTTSFORC7zn3GaCaQZa5+vRCUW
                                                                                                                                                                                                        MD5:74BEC627EDF121BD22658761489E0EF9
                                                                                                                                                                                                        SHA1:7689EBC7C2B974891DB906A618516754DC701563
                                                                                                                                                                                                        SHA-256:C575BB0C532E6CA29DB77CBF92947004E797FD2054F34D9DFC107C9BD0B5F8BA
                                                                                                                                                                                                        SHA-512:261C136ED45FAEAB5293AD104A96F7B5BEB6DD9A649D0F55FD5ADBC77840BDA04EB891CA92E4CDEF68E38D327C8D8A6F49EE7A49D91681A786E9BFF3D1A2FEBE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.07896172752896818
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOJYl2yDq2lACLDh1SVky6l/X:2F0i8n0itFzDHFIHDTp/X
                                                                                                                                                                                                        MD5:C306917C6063A4121422B336E93411C1
                                                                                                                                                                                                        SHA1:6AFA970112C5B5294D03EDE0EA29994B40903E60
                                                                                                                                                                                                        SHA-256:5F978A91535964A7233195F8A1C9EC5E0FB158782FA6663C8A614DD6FEAB84EA
                                                                                                                                                                                                        SHA-512:042EBE757D892E79F5DD80436AB8D4F7A1FCC1D7C12F1A1A4178D5FAD79AB974D0B42ACE073B221A0C6C17E58B96A05F97DF6332904F1173DB5C1569DBA4565C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {F451DF01-DEEE-4799-9D74-C13F54F5C275}, Number of Words: 2, Subject: ScreenBeam Conference, Author: ScreenBeam Inc., Name of Creating Application: ScreenBeam Conference, Template: x64;1033, Comments: ScreenBeam Conference Installer, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Nov 21 03:04:58 2023, Number of Pages: 200
                                                                                                                                                                                                        Entropy (8bit):7.970392187750961
                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                        • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                                                                                                                        File name:ScreenBeam_Conference_Windows.msi
                                                                                                                                                                                                        File size:102'197'248 bytes
                                                                                                                                                                                                        MD5:80744017cd0ede4bc3c925568c88fac5
                                                                                                                                                                                                        SHA1:8b9bfca894fd934c37e3b5ac237956a36ac1cf69
                                                                                                                                                                                                        SHA256:3c1b3c446dbaca7916fe7a8294637d831047891de5163bb53d3ca776a37e220e
                                                                                                                                                                                                        SHA512:9055dc051d711f13036f240af5ae3ce48a309a0c154bf0de93b5d0efa90dc6a43478ca88a12741e0625d407c68264e2c5bcd5909e2a902bdae735650edb7e9a7
                                                                                                                                                                                                        SSDEEP:3145728:9De0/dkW7EDe0/GjVLME6DzmcfbQVmHtNSj9:9De0OWgDe08ITfbQVm/Sj
                                                                                                                                                                                                        TLSH:59283321B58AC03AF67F51725939EAA6567D7E600B3248EBA3D87A7E0D751C10332F13
                                                                                                                                                                                                        Icon Hash:2d2e3797b32b2b99
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 29, 2023 04:49:00.057455063 CET | 1.1.1.1 | 192.168.2.4 | 0x5668 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 29, 2023 04:49:00.057455063 CET | 1.1.1.1 | 192.168.2.4 | 0x5668 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Dec 29, 2023 04:49:13.054140091 CET | 1.1.1.1 | 192.168.2.4 | 0x7d95 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 29, 2023 04:49:13.054140091 CET | 1.1.1.1 | 192.168.2.4 | 0x7d95 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false


                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                        Start time:04:48:39
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ScreenBeam_Conference_Windows.msi"
                                                                                                                                                                                                        Imagebase:0x7ff634d80000
                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                        Start time:04:48:40
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                        Imagebase:0x7ff634d80000
                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                        Start time:04:48:40
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 9D34D7427C27ADE329EE17E590582B2F C
                                                                                                                                                                                                        Imagebase:0x600000
                                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                        Start time:04:49:44
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\System32\MsiExec.exe -Embedding 809CEDDD01300C3B79C7082C58D3525E C
                                                                                                                                                                                                        Imagebase:0x7ff634d80000
                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                                        Start time:04:49:45
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI3424.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5911687 90 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
                                                                                                                                                                                                        Imagebase:0x7ff7e1630000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                        Start time:04:49:45
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\MSI3424.tmp-\DefMic.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"DefMic.exe" --def
                                                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                                                        File size:28'784 bytes
                                                                                                                                                                                                        MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                        Start time:04:49:45
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                        Start time:04:49:46
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5913265 100 ByomCustomAction!ByomCustomAction.CustomActions.VerifyDriverBusy
                                                                                                                                                                                                        Imagebase:0x7ff7e1630000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                        Start time:04:49:47
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"DefMic.exe" --list
                                                                                                                                                                                                        Imagebase:0xc50000
                                                                                                                                                                                                        File size:28'784 bytes
                                                                                                                                                                                                        MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                        Start time:04:49:47
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                        Start time:04:49:47
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
                                                                                                                                                                                                        Imagebase:0x2adb4a50000
                                                                                                                                                                                                        File size:34'984 bytes
                                                                                                                                                                                                        MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:14
                                                                                                                                                                                                        Start time:04:49:47
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:15
                                                                                                                                                                                                        Start time:04:49:48
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\DefMic.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"DefMic.exe" --list
                                                                                                                                                                                                        Imagebase:0x8b0000
                                                                                                                                                                                                        File size:28'784 bytes
                                                                                                                                                                                                        MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:16
                                                                                                                                                                                                        Start time:04:49:48
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:17
                                                                                                                                                                                                        Start time:04:49:48
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\MSI3ABC.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
                                                                                                                                                                                                        Imagebase:0x1f23b9e0000
                                                                                                                                                                                                        File size:34'984 bytes
                                                                                                                                                                                                        MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:18
                                                                                                                                                                                                        Start time:04:49:48
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                                        Start time:04:49:54
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI5838.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5920828 128 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
                                                                                                                                                                                                        Imagebase:0x7ff7e1630000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:20
                                                                                                                                                                                                        Start time:04:49:54
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\MSI5838.tmp-\DefMic.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"DefMic.exe" --def
                                                                                                                                                                                                        Imagebase:0x880000
                                                                                                                                                                                                        File size:28'784 bytes
                                                                                                                                                                                                        MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:21
                                                                                                                                                                                                        Start time:04:49:54
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:22
                                                                                                                                                                                                        Start time:04:49:55
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI5C50.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5921859 138 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses
                                                                                                                                                                                                        Imagebase:0x7ff7e1630000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:23
                                                                                                                                                                                                        Start time:04:49:55
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\DefMic.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"DefMic.exe" --list
                                                                                                                                                                                                        Imagebase:0x8c0000
                                                                                                                                                                                                        File size:28'784 bytes
                                                                                                                                                                                                        MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:24
                                                                                                                                                                                                        Start time:04:49:55
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:25
                                                                                                                                                                                                        Start time:04:49:56
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\MSI5C50.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
                                                                                                                                                                                                        Imagebase:0x20928480000
                                                                                                                                                                                                        File size:34'984 bytes
                                                                                                                                                                                                        MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:26
                                                                                                                                                                                                        Start time:04:49:56
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                        Start time:04:49:57
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI66B1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5924515 164 ByomCustomAction!ByomCustomAction.CustomActions.RemoveDriver
                                                                                                                                                                                                        Imagebase:0x7ff7e1630000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:28
                                                                                                                                                                                                        Start time:04:49:59
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\MSI66B1.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:sbdrvmgr.exe" --remove "ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
                                                                                                                                                                                                        Imagebase:0x176cf840000
                                                                                                                                                                                                        File size:34'984 bytes
                                                                                                                                                                                                        MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:29
                                                                                                                                                                                                        Start time:04:49:59
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:30
                                                                                                                                                                                                        Start time:04:50:03
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 91905C7D064CD546A55ACF820F5C2603
                                                                                                                                                                                                        Imagebase:0x600000
                                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:31
                                                                                                                                                                                                        Start time:04:50:03
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\System32\MsiExec.exe -Embedding 2BC6845E5AFE2BC1FD6CEB0BC5219A68
                                                                                                                                                                                                        Imagebase:0x7ff634d80000
                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:32
                                                                                                                                                                                                        Start time:04:50:03
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Windows\Installer\MSI7D4D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5930375 133 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses
                                                                                                                                                                                                        Imagebase:0x7ff7e1630000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:33
                                                                                                                                                                                                        Start time:04:50:04
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\Installer\MSI7D4D.tmp-\DefMic.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"DefMic.exe" --list
                                                                                                                                                                                                        Imagebase:0x300000
                                                                                                                                                                                                        File size:28'784 bytes
                                                                                                                                                                                                        MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                        Start time:04:50:04
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:36
                                                                                                                                                                                                        Start time:04:50:05
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\Installer\MSI7D4D.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
                                                                                                                                                                                                        Imagebase:0x1664e530000
                                                                                                                                                                                                        File size:34'984 bytes
                                                                                                                                                                                                        MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:37
                                                                                                                                                                                                        Start time:04:50:05
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:38
                                                                                                                                                                                                        Start time:04:50:05
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Windows\Installer\MSI857D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5932421 160 ByomCustomAction!ByomCustomAction.CustomActions.WaitForUnpairDeviceApp
                                                                                                                                                                                                        Imagebase:0x7ff7e1630000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:39
                                                                                                                                                                                                        Start time:04:50:11
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Windows\Installer\MSI9CD1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5938406 168 ByomCustomAction!ByomCustomAction.CustomActions.StopSBUCProcesses
                                                                                                                                                                                                        Imagebase:0x7ff7e1630000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:40
                                                                                                                                                                                                        Start time:04:50:12
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"DefMic.exe" --list
                                                                                                                                                                                                        Imagebase:0x1f0000
                                                                                                                                                                                                        File size:28'784 bytes
                                                                                                                                                                                                        MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:41
                                                                                                                                                                                                        Start time:04:50:12
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:42
                                                                                                                                                                                                        Start time:04:50:13
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
                                                                                                                                                                                                        Imagebase:0x23d89ca0000
                                                                                                                                                                                                        File size:34'984 bytes
                                                                                                                                                                                                        MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:43
                                                                                                                                                                                                        Start time:04:50:13
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:44
                                                                                                                                                                                                        Start time:04:50:13
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\Installer\MSI9CD1.tmp-\DefMic.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"DefMic.exe" --list
                                                                                                                                                                                                        Imagebase:0x110000
                                                                                                                                                                                                        File size:28'784 bytes
                                                                                                                                                                                                        MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:45
                                                                                                                                                                                                        Start time:04:50:13
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:46
                                                                                                                                                                                                        Start time:04:50:14
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\Installer\MSI9CD1.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
                                                                                                                                                                                                        Imagebase:0x1323bff0000
                                                                                                                                                                                                        File size:34'984 bytes
                                                                                                                                                                                                        MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:47
                                                                                                                                                                                                        Start time:04:50:14
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:48
                                                                                                                                                                                                        Start time:04:50:17
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Windows\Installer\MSIB1D1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5943750 220 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
                                                                                                                                                                                                        Imagebase:0x7ff7e1630000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:49
                                                                                                                                                                                                        Start time:04:50:17
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\Installer\MSIB1D1.tmp-\DefMic.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"DefMic.exe" --def
                                                                                                                                                                                                        Imagebase:0xe90000
                                                                                                                                                                                                        File size:28'784 bytes
                                                                                                                                                                                                        MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:50
                                                                                                                                                                                                        Start time:04:50:17
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:51
                                                                                                                                                                                                        Start time:04:50:18
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Windows\Installer\MSIB702.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5945093 230 ByomCustomAction!ByomCustomAction.CustomActions.SetIsInstallingTrue
                                                                                                                                                                                                        Imagebase:0x7ff7e1630000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:52
                                                                                                                                                                                                        Start time:04:50:20
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Windows\Installer\MSIBD3E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5946671 437 ByomCustomAction!ByomCustomAction.CustomActions.IsDriverBusy
                                                                                                                                                                                                        Imagebase:0x7ff7e1630000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:53
                                                                                                                                                                                                        Start time:04:50:20
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\Installer\MSIBD3E.tmp-\DefMic.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"DefMic.exe" --list
                                                                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                                                                        File size:28'784 bytes
                                                                                                                                                                                                        MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:54
                                                                                                                                                                                                        Start time:04:50:20
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:55
                                                                                                                                                                                                        Start time:04:50:21
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\Installer\MSIBD3E.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
                                                                                                                                                                                                        Imagebase:0x18f0d3f0000
                                                                                                                                                                                                        File size:34'984 bytes
                                                                                                                                                                                                        MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:56
                                                                                                                                                                                                        Start time:04:50:21
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:57
                                                                                                                                                                                                        Start time:04:50:22
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Windows\Installer\MSIC5FA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5948921 452 ByomCustomAction!ByomCustomAction.CustomActions.DisableCampfilters
                                                                                                                                                                                                        Imagebase:0x7ff7e1630000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:58
                                                                                                                                                                                                        Start time:04:50:22
                                                                                                                                                                                                        Start date:29/12/2023
                                                                                                                                                                                                        Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:regsvr32" /u /s "C:\Program Files\ScreenBeam\Conference\\app\Filters\x86\SBCamFilter32.dll
                                                                                                                                                                                                        Imagebase:0x7ff62ce70000
                                                                                                                                                                                                        File size:25'088 bytes
                                                                                                                                                                                                        MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000003.2307166670.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                          • Instruction ID: 7e2d07be6f957635e98d5f3591947004726b23665750f82d876add19023f9f93
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5d3f3cb0ea5491a3ce278dd04dc17c08a10f1771f00cc80410e35cad731bf49
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51612721B0EA9A0FE7B552B814752B92BD1EFC5228F1602FED189C71E3DD0C6D469381
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000003.2307166670.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ded21dc30632b3b5f858fbbf220983ebfa1e0574bfb6a78915e7702d7f6b39c1
                                                                                                                                                                                                          • Instruction ID: bff432287f15a2055f25689afc7aa6210a7bcd24d71597e77836ae0cf641aea8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ded21dc30632b3b5f858fbbf220983ebfa1e0574bfb6a78915e7702d7f6b39c1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25510312F1EA9A0BE7B656B818361B93BD1DFCA664B5602B6D419C72E3DC08B9025342
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000003.2307166670.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fecff8519e2dd35e4571a21500b90c35eb378c2ab25f41f9be77ca67d4168283
                                                                                                                                                                                                          • Instruction ID: e332f660ecb73b4fb7aad80893e0c4377782effdc876e7e59cb609a9474cec13
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fecff8519e2dd35e4571a21500b90c35eb378c2ab25f41f9be77ca67d4168283
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4510A3060964D8FDB55EFACD8699ED7BE0FF59314F1501BEE449C32A2DA35A841CB40
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000003.2307166670.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: eeb9b21c0be7ded6b04ab7fc2d807cc0b24670a8458f59b2be70e1788848f207
                                                                                                                                                                                                          • Instruction ID: f72164a1618a5ac62b2ca068d5665764f70a423c4c4702ee748401b57d331afa
                                                                                                                                                                                                          • Opcode Fuzzy Hash: eeb9b21c0be7ded6b04ab7fc2d807cc0b24670a8458f59b2be70e1788848f207
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C51E130A19B854FD759EF7884266A97BE0EF49314B1401FDE04ECB2A7DE6CA846C741
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000003.2307166670.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0d39b08ee7c31b0bbe6fe2f46af27a9af748649b0937cfa6e0208f6eba9cd7ba
                                                                                                                                                                                                          • Instruction ID: 35d6df16412eabcb4ba0787368b5c8ecd4db76213a2d0417fff33e783527710f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d39b08ee7c31b0bbe6fe2f46af27a9af748649b0937cfa6e0208f6eba9cd7ba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D411911E0F78A0FE7A6567848756A53BA1DF96254B0602FFC45CC70E3ED5C6D468342
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000003.2307166670.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fc426f9a2d991f61c75ddd6ba0aa0da468e02150a427e48177c7a5347ba006f2
                                                                                                                                                                                                          • Instruction ID: da2081f12c1d638d7562ce176d420481ecb91f045888639f2444abaed4ccf892
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc426f9a2d991f61c75ddd6ba0aa0da468e02150a427e48177c7a5347ba006f2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6441E53091E7CD4FDB2A9BA958656F57FA0EF53329F0402BFD089C31A3CA582416C746
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000003.2307166670.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 138da15b15ebbf00c5565867bcef903aa146b3aada2aa44d6297b091fa99fac9
                                                                                                                                                                                                          • Instruction ID: 62c6c3e379cf803b10a991ae769b1c0805b789a4f22740074f2f8f4f249310ba
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 138da15b15ebbf00c5565867bcef903aa146b3aada2aa44d6297b091fa99fac9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92213811F0FA5A0FE7BA52F894351A92B919F86A10B4602FAC058C61E7DD087D475382
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000003.2307166670.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 06d1f76953bdb2df70dd5b583766e123f08bece2e387051e1eb669836b1bc7c7
                                                                                                                                                                                                          • Instruction ID: 6f7f3d0415f6f49206cfdd1063e0234816c64916ebc54dd1ec0d2dcd364bfbcb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06d1f76953bdb2df70dd5b583766e123f08bece2e387051e1eb669836b1bc7c7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7401283060E64B5FD391EBF084751EA7BD1EF85224B1A02E8D449C71B6C97DEC86C340
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000003.2307166670.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6a7816c68f9dad99311dbe62cae80dee6fbb3fef8f8e75f62992409293fca59d
                                                                                                                                                                                                          • Instruction ID: ac17b969a190f487d2e843dddbcbc3c8262dcc65c0cc1863365fe96c7f1c2a37
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a7816c68f9dad99311dbe62cae80dee6fbb3fef8f8e75f62992409293fca59d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50F06D11B1B85F05F27622E826B52BD21C1ABC9668FA60735D82DC62F2DC08BA526542
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000003.2307166670.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000003.2307166670.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000003.2307166670.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq$$dq
                                                                                                                                                                                                          • API String ID: 0-2340669324
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 3
                                                                                                                                                                                                          • API String ID: 0-1842515611
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq
                                                                                                                                                                                                          • API String ID: 0-847773763
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000008.00000002.2306631733.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_c20000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_10_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 70fba2edb4ba65c6409f76ccf4ccf6873c48aa263539e4e1f50879d616168581
                                                                                                                                                                                                          • Instruction ID: 9058906a1a2aa464d78ba4b9edfa30de4398ea217634e21715d424113cabcdce
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70fba2edb4ba65c6409f76ccf4ccf6873c48aa263539e4e1f50879d616168581
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12A14831B1EA890FE729AB7894265BC77D1EF45B18F4501BEE04EC71E7CE2859028381
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000A.00000003.2331328948.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_10_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 96e513da65447e94b47abf6dd9832f20472ff8ed533bfdb28f3331134590bfcd
                                                                                                                                                                                                          • Instruction ID: 236c56802dcca166bcb81af756448a361023ffcc9ef6e5f2acc92899d2eca69b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96e513da65447e94b47abf6dd9832f20472ff8ed533bfdb28f3331134590bfcd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CFA14931B1E9890FE729AB7C94265BC77D1EF45B18F4501BEE04EC71E7CE285A028381
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000A.00000003.2331328948.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_10_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4bdc8b65496242410fa72453bf0e39b0a0f45f0ea4f9bc7dc929c5da11b7d009
                                                                                                                                                                                                          • Instruction ID: a632cd0716d575edf8ee8929f7cc4c3fe8b17ecd33ac5ec7895949ba037d9c96
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bdc8b65496242410fa72453bf0e39b0a0f45f0ea4f9bc7dc929c5da11b7d009
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12812730B1DA890FE729AB7894265BCB7D1EF44B18B5501FEE00EC71E7CE2899028785
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000A.00000003.2331328948.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_10_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bebcc5c1356d2365e7f318685f59c6eb10bf1e0a35c6a76ef226ae0fa0787224
                                                                                                                                                                                                          • Instruction ID: 4abe85fdfc0a1a95de18115c0989f320b4ab31f3823b17ff6c7d365c52e5980a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bebcc5c1356d2365e7f318685f59c6eb10bf1e0a35c6a76ef226ae0fa0787224
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00619D10B0EA8A1FE7A593B8587A2B97AD1EF86714F1501FEE059C71E3DD0C6D468302
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000A.00000003.2331328948.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_10_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c8738080a3dbf2c39ca5ef53aae5f0b2d98bce61719b0ea520e317cc85c2da20
                                                                                                                                                                                                          • Instruction ID: 4b2d37a26f71c9662ba3f9fccb84612ab4c0795c9ee680ec5d54965bd9496156
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8738080a3dbf2c39ca5ef53aae5f0b2d98bce61719b0ea520e317cc85c2da20
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B861F630B1D9890FD729AB7894265BCB7D1EF48B18B5500BEE00EC71E7CE2999068785
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000A.00000003.2331328948.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_10_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 73f6ef5cab8e577276330ff33cdad41509c65037dc36c1119ec880da1d26e366
                                                                                                                                                                                                          • Instruction ID: 1084709e48318855c395be3f252ce73d25d6938fe1824878c97800218103aa54
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73f6ef5cab8e577276330ff33cdad41509c65037dc36c1119ec880da1d26e366
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73513712F1EA9E0FE77552B8083A1B937C1EF8AA58B5602B6D41DC72F3DC086D025342
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000A.00000003.2331328948.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_10_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 48f5aaf3847633482d5eb3557617743a1f7b011051e9d6d0998292ebb12ca35d
                                                                                                                                                                                                          • Instruction ID: 4bcd064065f2030e335b5df4116dfcd3136d8b213f1cc3db8014f0ddc13ec5f9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 48f5aaf3847633482d5eb3557617743a1f7b011051e9d6d0998292ebb12ca35d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61516D23B0E94A0FD369BBBCA8665F577D0EF8622870901FBD499C70A7DD09684743C1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000A.00000003.2331328948.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_10_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4a0f835709c0d4850f8e8c7dd44351394d772f04969a5fa6f1d9be80d912294c
                                                                                                                                                                                                          • Instruction ID: 1988eb0832e9dd0dd73794cd6314ce022935974bc7d74243c10f0b0fe3e88614
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a0f835709c0d4850f8e8c7dd44351394d772f04969a5fa6f1d9be80d912294c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5951BE30B19A0C8FEB94EF6CD859AE977E1FF59314F1501BAE409C32A2DA35AC41CB40
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000A.00000003.2331328948.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_10_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b5873dd5881927fb34aecf30cfce5cc2288ae8641bd6e11684408ad713fe3dfa
                                                                                                                                                                                                          • Instruction ID: 961a9f5e20e0ff3ce29c05e47ec7241505e48bcb511896dea6e14537ec339c5a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5873dd5881927fb34aecf30cfce5cc2288ae8641bd6e11684408ad713fe3dfa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89412612B0FB9E0FE7BA56B844352A82BD0EF46A54F0602FAD058CB1E7E90C5D4B9341
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000A.00000003.2331328948.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_10_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq$$dq
                                                                                                                                                                                                          • API String ID: 0-2340669324
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq
                                                                                                                                                                                                          • API String ID: 0-847773763
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D23102B5C00248DFDB24DFA9C585ADEBFF9AF48710F24812AE419BB251CB356946CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 785e7b2a907a9baef978538308a2b3e3702690c43a6385427e56e85209afed1e
                                                                                                                                                                                                          • Instruction ID: 33f407a297e3f1104e64d03734dcd4c62d0831bb8f84aad5bfa3a8a362e9f6b4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 785e7b2a907a9baef978538308a2b3e3702690c43a6385427e56e85209afed1e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC31D4B5C00258DFDB64DF9AC484ADEBFF9AF48710F24802EE419BB251CB756946CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e81f7894b06115699aafdd25873969d0718ef0ef3e243fd97bb58cc9163e4b14
                                                                                                                                                                                                          • Instruction ID: 88759b00494a361d729a86ce900424caddb46997191d489915afd0cf3e8e454f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e81f7894b06115699aafdd25873969d0718ef0ef3e243fd97bb58cc9163e4b14
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5721F0B1C00258DFDB64CFAAD884ADEBFF8AF48710F24802EE409BB251CB755845CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7c63eeac93e88facceec68b24ad4fc2e378ae08a39a6b04d196b7ae8cfd5df29
                                                                                                                                                                                                          • Instruction ID: d1c6a01ccfbd7dbede6d20412a17acb452e077b29eebc822e625029993710136
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c63eeac93e88facceec68b24ad4fc2e378ae08a39a6b04d196b7ae8cfd5df29
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2F08274A05209EFCB45CFB0D8908AD7BF6EB9522071086AED909CB121DA399E079B60
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e9dc3149680a8cbebdaabc8b04d2706583b990ecf4a9672619bd9675ec61f07f
                                                                                                                                                                                                          • Instruction ID: b16191c7e7e8a0c05a72e266ffe8c0f04ecd5b3aa8ce9fffd11f0f891276db4a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9dc3149680a8cbebdaabc8b04d2706583b990ecf4a9672619bd9675ec61f07f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41E0E5381483444FC3655629A0901BA7FE9DFD6731F05056FD48A8B261CA781C87C761
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 76ed67869cbc827897312247781b8feee6ec99e27ea4137474239f0bfdad1e80
                                                                                                                                                                                                          • Instruction ID: 7474a15bfce186a453063990737aeb7f8649a02dd88fb3f26bc46a221ce4cc11
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76ed67869cbc827897312247781b8feee6ec99e27ea4137474239f0bfdad1e80
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11F02734A01306EFC744CF7088904A97FF6EFC2214311C1EEC409CB025DA348E07A710
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: a21c0b11e22bb7e28c13d49c563c5f4615dce9041bef35ced452ab83058dcfb7
                                                                                                                                                                                                          • Instruction ID: 045a5e6ad6354be2740fd73a274cc63f24acf4046b6a9b0cf216a740371b3a02
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a21c0b11e22bb7e28c13d49c563c5f4615dce9041bef35ced452ab83058dcfb7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54F0FE70901219EFCB40EFB8E54459CBFF1FB54211F6045A9D40DA7268EB355F449B40
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 668f2b834d12be2e6477f8023d23b7904d806c544e89056904005b66cd3c72a1
                                                                                                                                                                                                          • Instruction ID: 967c910b27794c21ee03170547f2ba8df136a9613fd00cc4399c7ad9d89036f3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 668f2b834d12be2e6477f8023d23b7904d806c544e89056904005b66cd3c72a1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43E08C35648B604FC38AEB6D90801D97BE2EFE9231B05466BD9088F225DF785C0687F1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bebd7f86e16e498bad1011319acc2f111f77b5f37393433d73df4a062393fe03
                                                                                                                                                                                                          • Instruction ID: efda8638925eaa2d9447ecad95890917c0d831c66ec7291370995374e87c853f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bebd7f86e16e498bad1011319acc2f111f77b5f37393433d73df4a062393fe03
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65E09AB1B01209EB8B00DFB1D940C6EBBEAEB9420470085ADE6098B224EA319A019B80
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000B.00000002.2320181990.00000000014C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_14c0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 24c700e208ab6751abfe660f0f0fb35a8ebf97fef747940dfa969f32b2746aac
                                                                                                                                                                                                          • Instruction ID: 70b6396117be32780ad33b147c3995ec6ededb5da988dbae0ed266d102d9f228
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 24c700e208ab6751abfe660f0f0fb35a8ebf97fef747940dfa969f32b2746aac
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72D06779700219CFCF00DBA8D4485DC77B0EB88615F0001A9E109DB260D77598558B91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000D.00000002.2323140021.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000D.00000002.2323140021.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000D.00000002.2323140021.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: pU$pU$O
                                                                                                                                                                                                          • API String ID: 0-75240733
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: <P$<P
                                                                                                                                                                                                          • API String ID: 0-483048944
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq$$dq
                                                                                                                                                                                                          • API String ID: 0-2340669324
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: tf
                                                                                                                                                                                                          • API String ID: 0-2685334294
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 0f
                                                                                                                                                                                                          • API String ID: 0-226299295
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: PW
                                                                                                                                                                                                          • API String ID: 0-3705201942
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: hX
                                                                                                                                                                                                          • API String ID: 0-367658503
                                                                                                                                                                                                          • Opcode ID: b508794fb64c0c736fed6745fe81d74454595207c8b86761c1da6458506ff3de
                                                                                                                                                                                                          • Instruction ID: 1f45a4cb0fb5ded72b7056996e7b2e0db2103c588cf5708a9c8312046d2a44eb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b508794fb64c0c736fed6745fe81d74454595207c8b86761c1da6458506ff3de
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1E0CD52719F940FC3476B7C68201682FD2CBC631174955FFD145AF15ACE542D0D4795
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f9ac1cc6ddc01b7b233a7b6f7e8e5aa858efac1d982092a59886fc1b9ee5eaa8
                                                                                                                                                                                                          • Instruction ID: df2a3ce06c250247b18add42cc91767a5ef0626e85c9aa0fcf827ac0f9ef1b88
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9ac1cc6ddc01b7b233a7b6f7e8e5aa858efac1d982092a59886fc1b9ee5eaa8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA512E32E50B06A6E710DBA5CC45A99F371FFDA700F61CB16F6483B191EBB0A1D4C691
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7d2e8296c18f3a62391618a2e1c235c6cc793054a428a0eb8366cd3f6be8065d
                                                                                                                                                                                                          • Instruction ID: e4547012b29fb89384d89918540e96a658b25ec4acf4a9044cabbc4bb7e1eac7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d2e8296c18f3a62391618a2e1c235c6cc793054a428a0eb8366cd3f6be8065d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F31F2B1D0124CDFDB24DFA9C985BEEBBF6AB48304F10806AE519BB250CB705945CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 592c25727b0d8ff1baa0737510d82fb9dbb33786f9885193376d5a61731c8120
                                                                                                                                                                                                          • Instruction ID: 92846cfa8ac5584422aa2cc9088b754d54a6b46cc2415c694ec8877a7bb1ca4d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 592c25727b0d8ff1baa0737510d82fb9dbb33786f9885193376d5a61731c8120
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 123102B1D0124CDFDB14DFAAC985BEEBBF5AB48304F10806AE519BB291CB745905CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 255bc143a5a7d1f14ff16689ea6d6558b717230730c2edd101136c684edac08a
                                                                                                                                                                                                          • Instruction ID: 0f6ce9f7bdba7a20fcab4ce4fd7fe7dbe0eb92f8f9a6d450e5d8e69074c85ecc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 255bc143a5a7d1f14ff16689ea6d6558b717230730c2edd101136c684edac08a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2311E32E11A0DDADB04DFB9D8905EEF7B2FF94350F11C66AE515B7220EB30A5958780
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b72df5f2ad0b8d0b3bd3e545a9b8f6ded33fe0715f7b9bd6db61c27ac047a35f
                                                                                                                                                                                                          • Instruction ID: 3a1213bb4b8374e466b3a5fbacd8af06ec205ea08e687af0c48a73b99c82068d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b72df5f2ad0b8d0b3bd3e545a9b8f6ded33fe0715f7b9bd6db61c27ac047a35f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F531E3B1C0024CDFCB24DF99C884AEEBFF9AF48310F24806AE519BB240CB755945CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3b7d69aff3da153c3d40c73f1a176332afa69e6a62a2054a243246aa5e8471a1
                                                                                                                                                                                                          • Instruction ID: a59f6165770b0401f43a7b8ae97ba60e15de8480caafe3f6ee2b674de46f69e8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b7d69aff3da153c3d40c73f1a176332afa69e6a62a2054a243246aa5e8471a1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3021CEB1D0025CDFCB14DFAAD885AAEFFF8AB48310F24806AE519BB240CB755945CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c63893db6c400248f0c88e54c2118cd2168284d4899555322ffad2894c83d61
                                                                                                                                                                                                          • Instruction ID: 267a2933f1215a5944287af66a2a72c3f64f53de81e32bf2b8b7cb8abcf05d83
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c63893db6c400248f0c88e54c2118cd2168284d4899555322ffad2894c83d61
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8321EEB1D0025CDFCB14CFA9D985AAEFFB9AB48310F24806AE419BB250CB755945CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000000F.00000002.2327925722.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_ef0000_DefMic.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000011.00000002.2331155960.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_17_2_7ffd9b410000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000011.00000002.2331155960.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_17_2_7ffd9b410000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000011.00000002.2331155960.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_17_2_7ffd9b410000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000003.2393155171.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 2A_I
                                                                                                                                                                                                          • API String ID: 0-941469806
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000003.2393155171.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000003.2393155171.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 84ca81ee5b2f958e4fc27fb7f53ec01f5ba47bd88bd313673e224383297380d5
                                                                                                                                                                                                          • Instruction ID: 866bf559612407c586501a9f380e992e328332b4c3b62cd01a68026e7b494401
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84ca81ee5b2f958e4fc27fb7f53ec01f5ba47bd88bd313673e224383297380d5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5691482160F6C90FE766A77C98756B17FE0EF43728B1901FAD0D9C70A3D9186846C752
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000003.2393155171.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 215a1ed0d6e97de70aef54d2f9f2445a2beeada7da7479eedcb8221d9a3cb3c6
                                                                                                                                                                                                          • Instruction ID: 74508ea2207f74cbe679178a73d587d841ba15f1b0181423df05edc99543c14e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 215a1ed0d6e97de70aef54d2f9f2445a2beeada7da7479eedcb8221d9a3cb3c6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: ADA10613B1E16A0AE319B7BCA4A65F53FA1EF4523870842F7D0DD8B0E7DC49648A8295
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000003.2393155171.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c4c872bfa610a5ce8748833792e4ee28ea0efadc26a728cd47ac152dbba25f86
                                                                                                                                                                                                          • Instruction ID: 435da75c3b078a59cb816046ce30852262bdafc1d44383da73a8e8d4f612d623
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4c872bfa610a5ce8748833792e4ee28ea0efadc26a728cd47ac152dbba25f86
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86612311F0EA5A0FE7B962A805753F93AD1EF85B18F1600BED549C72E7EC0CAD466381
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000003.2393155171.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 2e13124eb972c59bee0cfb378d2e5e05749f3ac120411b8c77e73058262dd8b5
                                                                                                                                                                                                          • Instruction ID: 185d4f1f02939def8e0fd06e67393dfb0fca9068012c428c8b1f3961da82de47
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e13124eb972c59bee0cfb378d2e5e05749f3ac120411b8c77e73058262dd8b5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37516F30B28A098FDB58FF6894566B973E1EF58308F10417DE41ECB297DE36E9458781
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000003.2393155171.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1e9c549410b54632115b7ef3a5791cd279acf186a03f969c1bc2965c5154cefe
                                                                                                                                                                                                          • Instruction ID: 6f07a93ddc3f0734e8f42ec0e76c61bd0ed04843ccb8754db7f4458c1dd448c7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e9c549410b54632115b7ef3a5791cd279acf186a03f969c1bc2965c5154cefe
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B516D30B18A0C8FEB94EF6CD855AE977E1FF58318F05017AE409D72A2DA35AC41CB41
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000003.2393155171.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 957b3913539077176c18212a23148c086589462fdaa1d233a43821d379ac6cc3
                                                                                                                                                                                                          • Instruction ID: f1da51104de76e2bcea4dd3b933bd4c89631ec2445d92eb2f0540438fcd0df28
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 957b3913539077176c18212a23148c086589462fdaa1d233a43821d379ac6cc3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5414711E0EB8A0FE7AA666848756F43BA1EF56654B0601FBC048CB1F3ED4C6D468342
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000003.2393155171.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1e10695742589c4159a5c93268e8f42fc803213b020c6ae9a1c6a938ac7b56a4
                                                                                                                                                                                                          • Instruction ID: ace3c78345a2b124d9931b384f1a3011989fb42bcc4000df4a027ff8e82fa987
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e10695742589c4159a5c93268e8f42fc803213b020c6ae9a1c6a938ac7b56a4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C41D53191E7CD4FDB2AABA958655F57FA0EF13329F0401BFE089C31A3CA582516C746
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000003.2393155171.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fee2d332b3bcc9061f532ab440e251e179f875e338c4b13f42d619baae66fd84
                                                                                                                                                                                                          • Instruction ID: 21240b2b1b79aa9dfe719424baced82e864a2befeca26cdf45b87294abe55ab4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fee2d332b3bcc9061f532ab440e251e179f875e338c4b13f42d619baae66fd84
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C214812F0FAAA0FE7BA72B854751F92B91AF46A24B0602FAC058CA1E7DD4859435381
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000003.2393155171.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%


                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq$$dq
                                                                                                                                                                                                          • API String ID: 0-2340669324
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq
                                                                                                                                                                                                          • API String ID: 0-847773763
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%


                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ad89f30901bf680731ad6b82ea3e31845325f176306caa81c17ad540b1de39b1
                                                                                                                                                                                                          • Instruction ID: 3be0c085974357f0819b7babe3c1a50f3b668ee31a88bd18e138684a25baf607
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad89f30901bf680731ad6b82ea3e31845325f176306caa81c17ad540b1de39b1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD512F32E50B0AA6E710EBA5CC45A99F372FF99700F61CB15F6483B195FBB0A1D4C681
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 38c4c5dcc4ff7e1650bcd1fca2e7745360ebc68ed83ea8d257b77f831654a78b
                                                                                                                                                                                                          • Instruction ID: b8db49ac9eba5459ccca2978fa2f543dd556bb4351182bc3a5f5aa7767c136e5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38c4c5dcc4ff7e1650bcd1fca2e7745360ebc68ed83ea8d257b77f831654a78b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D416232E10B4A9BCB00DFB9C8945DDF7B2FF85304B11C66AD559BB115EB30A686DB80
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 09d3914fc567d06ab960eb528d852823102779ac90e386c746b69d1741397a72
                                                                                                                                                                                                          • Instruction ID: 735599c99208be31b04d039448548fa0019c198fef6e4f581280e1caae45b858
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09d3914fc567d06ab960eb528d852823102779ac90e386c746b69d1741397a72
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE4125B1C1035D9ECB10CFA9C984ADEFBB5AF48300F20815AE459BB254DB746A89CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 376a8dd85653c6b374aa8684c6a0301e2580dc78b1d35781bbcd07474e56ac3f
                                                                                                                                                                                                          • Instruction ID: 1cef841a149e4e7e7173d418824484d2cd0a9af697a658c59a73a130c8c15ba1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 376a8dd85653c6b374aa8684c6a0301e2580dc78b1d35781bbcd07474e56ac3f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35317232E1170AABDB01DFB9D8945DEFBB2FF85300F11C66AE545A7121EB30A585C780
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 41c6996632008aeeb1083d1150dd7889d2428bd33d517fd34dbd854c40ddf423
                                                                                                                                                                                                          • Instruction ID: 90aa0e8d63fc836b204982f7bfebb2211f143532b48d5c2d3c238da860aa9be5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41c6996632008aeeb1083d1150dd7889d2428bd33d517fd34dbd854c40ddf423
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D94113B1D012489FDB14DFA9C984BDEBFF6AF48304F10806AE848EB290DB705986CF50
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b6716de294719293ed20d23af275082b53825a473a7ebcb15062e52e5f6fa012
                                                                                                                                                                                                          • Instruction ID: e73e730a20f333c5f9ed6c7f47a76fa4b331e535bf366192999bbfc29559103a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b6716de294719293ed20d23af275082b53825a473a7ebcb15062e52e5f6fa012
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F141F5B1D1035D9ACB14DFAAC984ADEFBB5EF48300F20852AD419BB244DB716A85CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c5d6cbee69719fe9f948139d95ebcb16f45328b63cccf0ea9317b3575794d5ce
                                                                                                                                                                                                          • Instruction ID: 4c13ee0463f4cfad9d5ebceed509ff4968a11d046a3b9524a5e152c747fe2236
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5d6cbee69719fe9f948139d95ebcb16f45328b63cccf0ea9317b3575794d5ce
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B4113B1D012489FDB14DFA9C985BDEBFF6AF48304F14806AE409AB290DB705949CF91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ff6604a62ff5d31476c7d8159313923fe6364d49b9879c621de68a29689e649c
                                                                                                                                                                                                          • Instruction ID: e0ee2ff488b998edd22efb90c48d7c33c495e402c6f8de2edeb19e1b05376895
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff6604a62ff5d31476c7d8159313923fe6364d49b9879c621de68a29689e649c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F31F671D112489FDB14DFA9C984BDEFBF6AF48304F10806AE919EB250DB745945CF50
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e14accbc42d55d756426c1d6d5e5fd37be78cc6ea9ec260d2e789971104ddf85
                                                                                                                                                                                                          • Instruction ID: 3179b2e127bec1d25b80a0d6aed8972c3410897aa0693dbb9de738c5d72d515e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e14accbc42d55d756426c1d6d5e5fd37be78cc6ea9ec260d2e789971104ddf85
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B721F3306013418BDF1AAB34C8507AE77B6AFC1604F05499FDA459B799DF359C0BD781
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5c0fb8b09ff81e1c34943ea0c01d48eadaefcaa403cf5a4651c5b00eeccbf577
                                                                                                                                                                                                          • Instruction ID: 6149dab4740a2a22b4195304ea0f882dc79b77d54fae7b58dd06f84d93c60e62
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c0fb8b09ff81e1c34943ea0c01d48eadaefcaa403cf5a4651c5b00eeccbf577
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4831E4B1D012489FDB24DFA9D485ADEBFF5AF48310F24816AE429AB250CB755885CFA0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5f0ef603cd0e7472688e902c14f6f206b65ccc5ceaab2879e453e738e60a98ce
                                                                                                                                                                                                          • Instruction ID: 439bfceb8a038c5b81dd7c191ad51631a1e00f2eaa1b4d865bb8a3e8b4886c00
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f0ef603cd0e7472688e902c14f6f206b65ccc5ceaab2879e453e738e60a98ce
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8231E5B1C102589FDB14DFAAD485ADEBFF4AF08310F24805AE559BB290CB745886CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 318cf1fda3571b08f0c3ee0f3826a774f5bbc0f41056cb1767062b47a3e172df
                                                                                                                                                                                                          • Instruction ID: 25890ff05969beb17bf51e435ef31186c50aa49f2343360343380ff5eaf47c20
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 318cf1fda3571b08f0c3ee0f3826a774f5bbc0f41056cb1767062b47a3e172df
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8631D6B1D102589FDB14DF99C484ADEFFF5EF48310F14805AE429A7250CB755985CFA0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: a45ae047544fa079e0a8282966084d2a782cbc37ef8713c507148e1fa11c5fab
                                                                                                                                                                                                          • Instruction ID: fab49df0417792f637dd6ae1bef28daa865d28026e22c27e06b8a662deefcc6b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a45ae047544fa079e0a8282966084d2a782cbc37ef8713c507148e1fa11c5fab
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D21F2B1C102589FDB14DFAAD884A9EFFF8AF08310F24806AE519AB240CB745885CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c54ad6e7abcd5d2ef1b084ac658bfd5c272bb5a6a1ac5b860fb6cd5a2b03a214
                                                                                                                                                                                                          • Instruction ID: c09ff0ff7ce48b3ffed0880fdcb8db22b6c05daef12bc46bfbcebc5a3570430c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c54ad6e7abcd5d2ef1b084ac658bfd5c272bb5a6a1ac5b860fb6cd5a2b03a214
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47012631B057459FC705DB79E861AAD7BB2DFC1345B05C9BEE04DCB251DA31A846DB00
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7f6fee460f21e8d7beb526d7058e4e85f6885793a0756b81b64f71f60b3f5f9e
                                                                                                                                                                                                          • Instruction ID: f81bf205c9ff07d00f22f07213b28496903de55f8ba6bfae58cae32736552200
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f6fee460f21e8d7beb526d7058e4e85f6885793a0756b81b64f71f60b3f5f9e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7EF04631B04148ABCF15DBB4C855DEE7BA6DFC4300F00886ED242A7290DA316906DB91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: da6e4f9816c115a364b84a8a410494fbf4beb1db015f56d5dbaff22e19f9e1af
                                                                                                                                                                                                          • Instruction ID: d26e47059cffa9570ce98f08c2bc0d4213f264b4793c7425d9feba5ecd94226c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: da6e4f9816c115a364b84a8a410494fbf4beb1db015f56d5dbaff22e19f9e1af
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CF0E232B0010CA7CF04DAA9D855DEE7BABEF88300F008469D205A7250DE32A955DBE1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000014.00000002.2392609422.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B40000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_2b40000_DefMic.jbxd
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 2B_I
                                                                                                                                                                                                          • API String ID: 0-979045943
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D932B230B18A4E8FD799EF28C8606A9B7E1FF4A304B1501BAD419C72E6DE34AD418F51
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 44783f91fdf1a09626c5dc6863c8a01bdc55face65436d8cff3ecdecdc95b556
                                                                                                                                                                                                          • Instruction ID: 4390b9b023bd0191f3b4bd09a69620739a9c0f2c0f9e001731fce39cd220bb5c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44783f91fdf1a09626c5dc6863c8a01bdc55face65436d8cff3ecdecdc95b556
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3A14811B0FAAA0FE7795AFC68751A93FA1DF8A254B0A01FBD15CC71E7DC0869068741
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 80ede116a4d003859ae9585b718d04ca075379f5397ca61cc21fd87f7d73e683
                                                                                                                                                                                                          • Instruction ID: d63703da5d3577330d67f85df961211ee0ad1a5a3d0abd4489c175ceb8d892cf
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80ede116a4d003859ae9585b718d04ca075379f5397ca61cc21fd87f7d73e683
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3A12931B1DA994FDB5DAB2894316BC77D1EF98304B0541BED00EC72D7DE28A9428B80
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fea6050ecb1e195e8f984baa53afbe39759e4b817d2617a4ad37a6a5874acfe0
                                                                                                                                                                                                          • Instruction ID: 8161419bc578142c5ab12efac2781f2b4567fd537646cb26ecb0c74f9a7cbc49
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fea6050ecb1e195e8f984baa53afbe39759e4b817d2617a4ad37a6a5874acfe0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9716620B0EA5A0FEBA9977C44752BC77C1EF85358F1541BED009C72E3DD18AD419782
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: df35392603d27f17e2a4814beb4515c1aa44efd2f6ba2f5db21461c778338bff
                                                                                                                                                                                                          • Instruction ID: 363c9c1c894e60f0cd1d076e1252ae15d9986012550b58d680ed41ad1bc4b80d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: df35392603d27f17e2a4814beb4515c1aa44efd2f6ba2f5db21461c778338bff
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D651AD30B18A1D8FEB95EF6CD854AE977E1FF59315B0500BAE409C72A2DA35EC41CB80
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 785ec328cb2442bebdc05422713a04fd6e3daa9069a7d6f2a50ba5dcb65bc96b
                                                                                                                                                                                                          • Instruction ID: 99fa6f7320a06e88baca63f196e6a6ea5bd7dd28ee6166ab49a3a28140d5c3ac
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 785ec328cb2442bebdc05422713a04fd6e3daa9069a7d6f2a50ba5dcb65bc96b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D516B23F0E55A0BE759B7BC68665F9BBD0EF8132470941B7D499C70D7DC08288B4791
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 74f63c1eecadcb1a8631ec16418c2131defffa05ba1ada78a2c8f1108bc50db5
                                                                                                                                                                                                          • Instruction ID: 87b231c38f733514b6a874c2644fdc7540180c10ec1b09a111f4fe085a11a3ad
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74f63c1eecadcb1a8631ec16418c2131defffa05ba1ada78a2c8f1108bc50db5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5413911E2FBAA0FE7AA977848756A83BE1DF56250B0601FBC148CB0F3ED4C5D468742
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 65320043cb9ca568bcac528ab5da8df00cdedaab10ddec0f036466fa8ec125d8
                                                                                                                                                                                                          • Instruction ID: 272ee3044b8f766d7ff98ee976ebf12c70a6f5046696c3b102533fa1b5419f4a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65320043cb9ca568bcac528ab5da8df00cdedaab10ddec0f036466fa8ec125d8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B418B21B1E6890FE3799AAC5C716393BE1EF8A35070541BFD08CC72E7DE186906D381
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 026eaada04d348d82c8448db7612604fde4c321fa08b33b551c97640f164ae1f
                                                                                                                                                                                                          • Instruction ID: b7449742d62726953d4a0c9b4060040d9f24377d840ba22fd136e91ddc749ff6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 026eaada04d348d82c8448db7612604fde4c321fa08b33b551c97640f164ae1f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27414612B0EA6E0FE7A5627C14742B977D1EF89264F1A00BBD10DC71E3EC189D059741
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000016.00000003.2409056219.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_22_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq$$dq
                                                                                                                                                                                                          • API String ID: 0-2340669324
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq
                                                                                                                                                                                                          • API String ID: 0-847773763
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8f8a95abc9d093cd07439f4824b0f7b7366ed4c3c1535357ee9323eee288a78c
                                                                                                                                                                                                          • Instruction ID: e9f902967951485109e9fa5bcb3e82d4fc8944b7087d9c2e2c1abd6b57b57fe6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f8a95abc9d093cd07439f4824b0f7b7366ed4c3c1535357ee9323eee288a78c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1761EE30A00316DFDF94EF74D8586AEBBB2BF84B04F10846DD9459B359EB31A946CB80
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 33bd248a13b730c5b9f74da7194404488fcc980481dd55d189306c67531cec58
                                                                                                                                                                                                          • Instruction ID: 276ef620c02a9f8e63f19a768a05b3c7fbc1813c08fa23595539d3079b7069b3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33bd248a13b730c5b9f74da7194404488fcc980481dd55d189306c67531cec58
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23516132E50B06A6E710DBA5CC45699F371FFA6700F61CB1AF6483B195FBB0A1C4CA91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 39c1461fde27a4dcd1e81a7fc041562421eb5e80690824094cea6cac6679f480
                                                                                                                                                                                                          • Instruction ID: efec1e5c86063d13ab2e871564c038da1ed9b0261074a4d95cfbc7e64f9490d8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39c1461fde27a4dcd1e81a7fc041562421eb5e80690824094cea6cac6679f480
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60515E32E50B06A6E710DBA5CC45A9AF371FFD9700F61CB16F6483B195EBB0A1D4CA81
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 565fdd9db9f562197b674852b7e0c47e88a5ec05e543b1b8cfa31039920910f6
                                                                                                                                                                                                          • Instruction ID: 2b06f84c096d66b2ae06f7ff0e03a63ff445b43c96fdacab66c1486101cb51e2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 565fdd9db9f562197b674852b7e0c47e88a5ec05e543b1b8cfa31039920910f6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7416032E00B4ADACB01DFB9C8944DDF7B2FF95304B15C61AE959BB114EB70A685CB80
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: dcf6bcf48d263189725943dbf517ac12f93ab5afe739adc650ab874ce77bb6f4
                                                                                                                                                                                                          • Instruction ID: 119091adfc9065c1ad39514a64ccd7a48c30fc61a7bc7597de88dfb0e2f83f2a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dcf6bcf48d263189725943dbf517ac12f93ab5afe739adc650ab874ce77bb6f4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C417C70B0060A9FCB54DB75C8946AEBBF3FFC4304F10C529D549A7268EB75A906CB91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 2dd2cbe21a7118fb30deb7ef658ca670a207e43258fa2a5e7702a11ef065123d
                                                                                                                                                                                                          • Instruction ID: 81fc98187744fbcfc0fc3a43569b4e81b57d2a9f5c74b3d3c2b0b62530286843
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2dd2cbe21a7118fb30deb7ef658ca670a207e43258fa2a5e7702a11ef065123d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C413471C0034D8BCB50DFAAC984ACEFBB5AF49304F20811AE459BB245DB756A49CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4f56e2b1c9dd06fcbcbee7289cd4aa79161a10bb6ec64cbb98a7d1eda3cb2594
                                                                                                                                                                                                          • Instruction ID: 078304bd671e30b776f32e230b624b9a6d0b2fe59c8a88f2d2f9f086e3f1593a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f56e2b1c9dd06fcbcbee7289cd4aa79161a10bb6ec64cbb98a7d1eda3cb2594
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81318132E00609EADB00DFB9D8805DEF7B2FF95310F11C66AE549A7210FB70A585C790
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1e26a3597c448c997bf596862b87d7f945f43b77fcbdd4111b1993b7974eab62
                                                                                                                                                                                                          • Instruction ID: 4da1a6ca85d2f648aed27833c6733eb05526959cf76ef051eabb0f34652b3c63
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e26a3597c448c997bf596862b87d7f945f43b77fcbdd4111b1993b7974eab62
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C4113B1D00248DFDB64DFA9C994BDEBBF6AF48304F14802AE509BB250CB755945CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 76a50df2bce898871b9a539396cb132071461fa21db6052638f92a8947389e11
                                                                                                                                                                                                          • Instruction ID: 389cece3464c17138fb5c89a6b91e48336845dbdb946f4af6413ef4efca35fa7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76a50df2bce898871b9a539396cb132071461fa21db6052638f92a8947389e11
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE4144B0D00248DFDB54CFAAC984BDEBBB6AF48304F14802AE509BB254CB755A05CFA1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.2404807911.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_2cf0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000019.00000002.2408373100.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000019.00000002.2408373100.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001B.00000003.2439584730.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_27_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 2D_I
                                                                                                                                                                                                          • API String ID: 0-1054241413
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001B.00000003.2439584730.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_27_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001B.00000003.2439584730.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_27_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001B.00000003.2439584730.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_27_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001B.00000003.2439584730.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_27_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001B.00000003.2439584730.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_27_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001B.00000003.2439584730.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_27_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001B.00000003.2439584730.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_27_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001B.00000003.2439584730.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_27_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:30.2%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                          Signature Coverage:27.3%
                                                                                                                                                                                                          Total number of Nodes:11
                                                                                                                                                                                                          Total number of Limit Nodes:1

                                                                                                                                                                                                          Callgraph

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001C.00000002.2439362622.00007FFD9B3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_28_2_7ffd9b3d0000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: H7t
                                                                                                                                                                                                          • API String ID: 0-3517354020
                                                                                                                                                                                                          • Opcode ID: 4e54f52bf0e5b4f2d0b6de50ad6ecfd0d50a9716dabfa21506065adb532e5660
                                                                                                                                                                                                          • Instruction ID: 9bf9fbbcdc6a9112fa4f3976a0257a157b29418587b96c7f8c5046a955715877
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e54f52bf0e5b4f2d0b6de50ad6ecfd0d50a9716dabfa21506065adb532e5660
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4F13D71E0DB890FE779EB6448226B57BE1DF96310F0503BED48DC71E2DE1A650A8342
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 597 7ffd9b3d17fa-7ffd9b3d1cd4 SetupDiGetDeviceRegistryPropertyW 604 7ffd9b3d1cdc-7ffd9b3d1d0d 597->604 605 7ffd9b3d1cd6 597->605 605->604
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001C.00000002.2439362622.00007FFD9B3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_28_2_7ffd9b3d0000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DevicePropertyRegistrySetup
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3249385096-0
                                                                                                                                                                                                          • Opcode ID: 60784a8eb1af86843cb8e792ba9a9c67bf2178a0720cd3a5f835fff867b60711
                                                                                                                                                                                                          • Instruction ID: 637aea3d4fddfce5b25552fb934300fd3669ac07ffede82a17ea0f0116a9a996
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 60784a8eb1af86843cb8e792ba9a9c67bf2178a0720cd3a5f835fff867b60711
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A41E471A0DB8C4FDB54DF59D8556E97BF0EF9A310F0442AFD08CD3252CA74A8468B91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 607 7ffd9b3d1d11-7ffd9b3d1d1d 608 7ffd9b3d1d28-7ffd9b3d1e03 SetupDiGetDeviceRegistryPropertyW 607->608 609 7ffd9b3d1d1f-7ffd9b3d1d27 607->609 613 7ffd9b3d1e0b-7ffd9b3d1e3a 608->613 614 7ffd9b3d1e05 608->614 609->608 614->613
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001C.00000002.2439362622.00007FFD9B3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_28_2_7ffd9b3d0000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DevicePropertyRegistrySetup
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3249385096-0
                                                                                                                                                                                                          • Opcode ID: e9f119e447d15512afe8274fbea6eed1e30d44f32ccfc34059b6dcebf6718dbe
                                                                                                                                                                                                          • Instruction ID: e203235edda0dbd9ee844bfa377c7bd0b288ce5a0b8d771bb28b007abe07e2b4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9f119e447d15512afe8274fbea6eed1e30d44f32ccfc34059b6dcebf6718dbe
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D41A531A0CA5C9FDB58DF58D845AE9BBE0FF59321F04426FD049D3692CB74A8458B81
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 616 7ffd9b3d1e3d-7ffd9b3d1e49 617 7ffd9b3d1e4b-7ffd9b3d1e53 616->617 618 7ffd9b3d1e54-7ffd9b3d1ee2 SetupDiDestroyDeviceInfoList 616->618 617->618 622 7ffd9b3d1eea-7ffd9b3d1f18 618->622 623 7ffd9b3d1ee4 618->623 623->622
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001C.00000002.2439362622.00007FFD9B3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3D0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_28_2_7ffd9b3d0000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DestroyDeviceInfoListSetup
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 271767589-0
                                                                                                                                                                                                          • Opcode ID: a2f0bd40ab7cffa900f733e78b18527849a2e2560489ff0526a809bafc0ac0be
                                                                                                                                                                                                          • Instruction ID: c739ec6826e4b13682369e897f2d5771c10cac248050916ad2820b1aef439941
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2f0bd40ab7cffa900f733e78b18527849a2e2560489ff0526a809bafc0ac0be
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0031E43190CA4C8FDB58DBA8C855BF9BBE0FF56321F04426ED049C3692DB75A856CB81
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000020.00000003.2497050239.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_32_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 2A_I
                                                                                                                                                                                                          • API String ID: 0-941469806
                                                                                                                                                                                                          • Opcode ID: 204b78cb8d903877b41084a7b00566a699743b9f985da6b8b77b8eb6f4b54b69
                                                                                                                                                                                                          • Instruction ID: f12fac6fe531ac6d490edb690e3afc0ecb350ecb2d98a4d14672b74120c29028
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 204b78cb8d903877b41084a7b00566a699743b9f985da6b8b77b8eb6f4b54b69
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47525B62B0FBC40FF73956AC58251B96BD2EF85764B1900FFE089871FBE815AD02A345
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000020.00000003.2497050239.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_32_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 6m\
                                                                                                                                                                                                          • API String ID: 0-3107426401
                                                                                                                                                                                                          • Opcode ID: f166ec15864430045b7c9c3706aad9da89a4af620b4581f744a3aef863319836
                                                                                                                                                                                                          • Instruction ID: 3e90e60346b0da1d003e0b8375025fa260fa659fa3654e24557b7716ceec8070
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f166ec15864430045b7c9c3706aad9da89a4af620b4581f744a3aef863319836
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2591592160F6C90FE766A77C98756B17FF0EF43628B1901FAD0D9C70A3E9189846C752
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000020.00000003.2497050239.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_32_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5398f507317328f36d0cbd64f2dec0f722ebefdc2a35120577068d39e359828e
                                                                                                                                                                                                          • Instruction ID: d8810f81da5936f54e6fd742fa6fc3d159447a573fb7b7218a82361279a194b6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5398f507317328f36d0cbd64f2dec0f722ebefdc2a35120577068d39e359828e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0E14862B0FBC90FE77966AC14251B86BD2EF46724B1901FFE089871F7EC15AD029341
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000020.00000003.2497050239.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_32_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 7m\$(7m\$@7m\$H7m\$X7m\
                                                                                                                                                                                                          • API String ID: 0-2653636772
                                                                                                                                                                                                          • Opcode ID: ac07d124054596381b0e0adfbdc060171ad8a3fe06794c906ce69a05c7cd304c
                                                                                                                                                                                                          • Instruction ID: 87b387212b4fe7d741fdeab514f457e6e2d000a11d0bcf23059f7191e8e22897
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac07d124054596381b0e0adfbdc060171ad8a3fe06794c906ce69a05c7cd304c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 20513631A19B8A5FE752FBB484614F8BBE0EF05324B1505FCC099CB1A7DA389E42CB11
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000020.00000003.2497050239.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_32_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000020.00000003.2497050239.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_32_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000020.00000003.2497050239.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_32_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000020.00000003.2497050239.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_32_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000020.00000003.2497050239.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_32_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000020.00000003.2497050239.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_32_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000020.00000003.2497050239.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_32_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000020.00000003.2497050239.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_32_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq$$dq
                                                                                                                                                                                                          • API String ID: 0-2340669324
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq
                                                                                                                                                                                                          • API String ID: 0-847773763
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 95507f7a66dc52c30bf983fbd3c4d18b3db2c3f7e9e52a9e0da8270f3512583b
                                                                                                                                                                                                          • Instruction ID: 7f6838ea9b75131ef8c99bec0eae957e0e5a6a3db32626b83d40552fec9e4432
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95507f7a66dc52c30bf983fbd3c4d18b3db2c3f7e9e52a9e0da8270f3512583b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE61CF30A00319CFDF14EFB4D958AAEBBB6BF88744F108569D8059B365DB749C86CB81
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 279ba7c70b8753b9fb698f3f6781f97b5796b8dab70b68fb12a275c8da8087d7
                                                                                                                                                                                                          • Instruction ID: 729ed0268f973045dcf475b8ffd04114f6070fe385b38c73d40ad7bdb1aeceb8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 279ba7c70b8753b9fb698f3f6781f97b5796b8dab70b68fb12a275c8da8087d7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76515F32E50B06A6E710DBA9CC45B99F371FF99700F61CB1AF6583B191EBB0A1D4C681
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8e739b4d0c6a8d992e39729bed95d17fadae4590961484eb7751976068f24de6
                                                                                                                                                                                                          • Instruction ID: dd8250ea9e4982be0d423e7401c9e92901220dfcffb3cdfbf1df38b07b97ffcf
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e739b4d0c6a8d992e39729bed95d17fadae4590961484eb7751976068f24de6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18514E32E50B06A6E710DBA5CC45B99F371FF99700F61CB16F6583B191EBB0A1D4C681
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0a7737b0c860b3fc6540634c7a976f9b6750f24ec206a9e9ebdb35aa6c768a9a
                                                                                                                                                                                                          • Instruction ID: 763bff39ae0509edeb2dedc359e1b2d3b93af39c34ccfde9b8b1d861b0c16737
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a7737b0c860b3fc6540634c7a976f9b6750f24ec206a9e9ebdb35aa6c768a9a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82414232E00A4A9BCB10DFB9C9905EDF7B1FF95300B15C62AD555B7115EB30E696CB80
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 608cbd4866fa582049da0d5e30e80655d4f6d989b673b40798b09c58d1569dc5
                                                                                                                                                                                                          • Instruction ID: f8b343b988a64b2a42e659be05df5865c0966f1e81feca122d5a1d1ac69019a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 608cbd4866fa582049da0d5e30e80655d4f6d989b673b40798b09c58d1569dc5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB415E70F0060A8BDB14DFB9D994AAEBBF3FFC4305B14C528D119A7265EB30A906CB50
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: dcae8465b73531a6c308ac755ae763e36789d1ea91c825dcdf63c471f0e0880a
                                                                                                                                                                                                          • Instruction ID: 18d71b1f10c127baaa924ae67acc703c8ce52b7ff4670e6cc2d4ec96c5c9a297
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dcae8465b73531a6c308ac755ae763e36789d1ea91c825dcdf63c471f0e0880a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E21D532A093948FC316D7BCD4516AABFB2EFC1315F19099BD1899F193DB205C85C792
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0fd69b0d886c4b2d9a3a8a35b3f90e44fa439c483d416719c032407cf7b6902c
                                                                                                                                                                                                          • Instruction ID: 2581e7a883a74614ef7eb8b15cf9e88a64782ebb9b36606f621bf0954acac73c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0fd69b0d886c4b2d9a3a8a35b3f90e44fa439c483d416719c032407cf7b6902c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3041F4B1D00749DECB10DFA9C984ADEFBB5BF48304F24852AE419BB250D7746A49CF94
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 97e36cb47a7b42ba990e892b5581f0ac4d39e9ef33782beb4ecad7b7396df5db
                                                                                                                                                                                                          • Instruction ID: f457c4370a3b0674fc06032f62b3a628599631a6439056fcfe19579e0bd02b2b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97e36cb47a7b42ba990e892b5581f0ac4d39e9ef33782beb4ecad7b7396df5db
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13319532E016099BDB00DFB9D8905DEFBB2FF94300F55C66AE545A7121FB30A585C790
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6b6d35aa27b6f0d1ac18e845aba104a18a5b20cd693816a6bb0cc60f9192c049
                                                                                                                                                                                                          • Instruction ID: 62a3ebad49fe2214ea1a6b3f0741e847d92743c46337debab15f7894542daea4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b6d35aa27b6f0d1ac18e845aba104a18a5b20cd693816a6bb0cc60f9192c049
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D441E4B1C0075DDACB14DFAAC944ADEFBB5BF49300F20852AD419BB240DB756A49CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4a0c193bdf698977fb4b08db2b580c7d1964ab02a19349dbfe444270a74c4245
                                                                                                                                                                                                          • Instruction ID: 4452a381845ff22060f63b90f9bb22d3fa0a990697fe621e745bd6734e6866e4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a0c193bdf698977fb4b08db2b580c7d1964ab02a19349dbfe444270a74c4245
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D4103B1D012489FDB24DFAAC995BDEBFF6AF48300F14802AE419AB290CB745945CF91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 43cf92b3af5d5a942a367ab9d53bc82e1dfcd3e6909adeadb2d5f26204d1dc71
                                                                                                                                                                                                          • Instruction ID: 32b28b1335011ad8ebccf23cdea59443c1f00744b455653ad0c2ad9854156e63
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43cf92b3af5d5a942a367ab9d53bc82e1dfcd3e6909adeadb2d5f26204d1dc71
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC4113B1D01248DFDB24DFAAC985BDEBFF5AF48304F24802AE409AB291CB745945CF91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ac8878f94dd6ddc410899df23651b4158609ca7d761ba356bccc9a360e4436e6
                                                                                                                                                                                                          • Instruction ID: 5565b2bcf74586338c3b55a14ff13495014bbc36503781c404b111496217628a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac8878f94dd6ddc410899df23651b4158609ca7d761ba356bccc9a360e4436e6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD31F5B1D012489FDB24DFAAC995BDEBFF6AF48300F14802AE419AB290CB755945CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 51846c7608bca3882540585e0bd0cb7017b1d3a76c60d9131db1565d299e9b65
                                                                                                                                                                                                          • Instruction ID: b7c9a8d6f0e045cd4973e1e63565911754956079bd0a2bdac79986ef6206c0f0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51846c7608bca3882540585e0bd0cb7017b1d3a76c60d9131db1565d299e9b65
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B31F2B1D012489FDB24DFAAC985BDEBFF5AF48304F24802AE419AB290DB745945CF91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 812a8721b0bcd43c14da945f31132e1dab07f5f4b7d6fca248d83091cd340a4b
                                                                                                                                                                                                          • Instruction ID: 56a96ae9c91af305d50ef9d155d500b180b09e4b55bd68d5a149f6d43e16cfb4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 812a8721b0bcd43c14da945f31132e1dab07f5f4b7d6fca248d83091cd340a4b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 743114B0D00248DFCB24CFA9C884ADEBFF5AF48310F24812AE419BB240CB755845CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0e39b718367928c44cd96227791626ccd2990ffcf3f578dcb0f65b03b3e0982a
                                                                                                                                                                                                          • Instruction ID: 13d437fb2d3e9dafef841a4c2cfcf4e351ebc6ad6fe7265fcd317c361ae7a4cd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e39b718367928c44cd96227791626ccd2990ffcf3f578dcb0f65b03b3e0982a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2931D5B1D00258DFDB24DFA9C584ADEBFF9AF48310F24842AE419BB250DB755945CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f76880297125b3c6606231d8de050f30941401adff8944a4015a7e789dfc00b9
                                                                                                                                                                                                          • Instruction ID: 4efca9da81761eff1e4968855830589e0459615e6055206f5f57a18e4bbb1b33
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f76880297125b3c6606231d8de050f30941401adff8944a4015a7e789dfc00b9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9721D4316043418FCB16EB74C810AAF7BB66FC9744F04446AC805DB39ADB358C46C781
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c5474f2f8c64dc67994ecf4d05f35faef4417d8237798c8e44e2efd75f5ec1f1
                                                                                                                                                                                                          • Instruction ID: cf8050d0ba2652162402ee533e7e4b26d3d7554727db0e2ed0cf1dfb52d6c9aa
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5474f2f8c64dc67994ecf4d05f35faef4417d8237798c8e44e2efd75f5ec1f1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7631E3B1D00258DFCB14CFA9D594ADEBFF4BF48314F28802AE419BB250CB755845CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7a5107e5462a62159721c8be3b3602d2fb94b760d7e997a62650d738523c63fa
                                                                                                                                                                                                          • Instruction ID: 922e408af818db2d666a412e9751b3701a1601dbc5b100d266d8cd35219fdb25
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a5107e5462a62159721c8be3b3602d2fb94b760d7e997a62650d738523c63fa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3121E2B1C00258DFCB24DFAAD884ADEBFF8BF48310F24802AE419BB240CB755945CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000021.00000002.2492999271.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_33_2_a60000_DefMic.jbxd
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000024.00000002.2496749743.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_7ffd9b3e0000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000026.00000003.2556843250.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_38_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 2B_I
                                                                                                                                                                                                          • API String ID: 0-979045943
                                                                                                                                                                                                          • Opcode ID: 6553c930e32dab106c2e8301de4c307b9c7e5050c9babac28285b20d84268cbf
                                                                                                                                                                                                          • Instruction ID: 792ecafb885ac845bd7a42b00d673853ada46e49f17223ff3b125f99827d7693
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6553c930e32dab106c2e8301de4c307b9c7e5050c9babac28285b20d84268cbf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B2206A3B1F6D50FEB3595AC186817D6B92EBD236471940FBD0C8870FBE814AE06E741
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000026.00000003.2556843250.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_38_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6e20ef950d298c2c63d2db9b4958a2aab8da5a06a7b824c6e0e72f8e1da4a3cd
                                                                                                                                                                                                          • Instruction ID: 56215eed3e172934cb41051fde28777980ba5fb663ac3a2e6d540993b2da230a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e20ef950d298c2c63d2db9b4958a2aab8da5a06a7b824c6e0e72f8e1da4a3cd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4D16562B1FAC90FE77996AC146917C6B92EF89224B1900FBD088871EBEC14AD06D741
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000026.00000003.2556843250.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_38_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: dc778e946280a769a74a5be2c5eefa8182d5ba62c02f4f4d40ef219373e79e88
                                                                                                                                                                                                          • Instruction ID: 034a5ba3db7a470c5c37931b0d6ca8efefb1dfc3ec4f867d4036e985cba5f96b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc778e946280a769a74a5be2c5eefa8182d5ba62c02f4f4d40ef219373e79e88
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37C11431E0DA4D4FDB59EF6888257A977E0EF55308F1100BED41ACB2E6DE34A946CB81
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000026.00000003.2556843250.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_38_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 882bee2e977f27e7bdb052657d5c2df17c2375a471e35ade6ec4d4118bf8c8f7
                                                                                                                                                                                                          • Instruction ID: a23af576fe422529f3b61918ff32f51cefed5111dd8bbc34fd813943c62fb601
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 882bee2e977f27e7bdb052657d5c2df17c2375a471e35ade6ec4d4118bf8c8f7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A917A2160E6D90FE766977D98746753FE0EF53328B0A01FBD1D8C70A3E908A846CB42
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000026.00000003.2556843250.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_38_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 818266f49882713b9b0e059d9892d14ae968f80f57a2732e4015a1fe39486632
                                                                                                                                                                                                          • Instruction ID: b4bc0b1b9af3a939ee97137b5d16a8a8d064a4c35cb26818a02782805d96e391
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 818266f49882713b9b0e059d9892d14ae968f80f57a2732e4015a1fe39486632
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B513B12A1E1621AE315B7BCB8629E93FB0EF41338B0846F7D0ED8B0D7CC4824C68795
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000026.00000003.2556843250.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_38_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 59ec3f7cbaac0023e75c7ebfa986bf71d45f0449d3a89ac5dd87f1da3959d321
                                                                                                                                                                                                          • Instruction ID: 8fe86ddee16ce88cc237ae618ae39c56db12823975901404a1c85a81d2bc310e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 59ec3f7cbaac0023e75c7ebfa986bf71d45f0449d3a89ac5dd87f1da3959d321
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4631F42261E5550EE316B77CAC66AE93FB5EF41334B0882F7D1ADCB097C84868C68395
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000026.00000003.2556843250.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_38_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f76781fc1f52d838c940cacf87ae9bb60947da64bffdc014c660581a0aaa891b
                                                                                                                                                                                                          • Instruction ID: 87b9f680a6210f1048f552ae180177860e89437c49e4447111a9cf689cd0b1c6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f76781fc1f52d838c940cacf87ae9bb60947da64bffdc014c660581a0aaa891b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2910817B1E1A60AE319B7BDB4665F97F61EF8123870842F7D0D98F0D7DC08648A8295
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000026.00000003.2556843250.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_38_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 585d2351649947e456ae55b23a98c3378d3388391fd6a13a450420af1f15facb
                                                                                                                                                                                                          • Instruction ID: f27a19a4ac60f918db61dabf43b15e8ed4a6c110d238d50be064ece32debe1ba
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 585d2351649947e456ae55b23a98c3378d3388391fd6a13a450420af1f15facb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88515811B0F7AE0FE7BA56B854352AD2FE0EF46254F0605BAC159CB1E3ED0C594B9341
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000026.00000003.2556843250.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_38_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000027.00000003.2594079046.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000027.00000003.2594079046.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3c3ef5fcd1f907cf3afa50fc9ec80f3a99260751d278d5dd87d710224d203246
                                                                                                                                                                                                          • Instruction ID: ec6d349376fd42603c8f74d307c69ae75e544e6194a041962251530bce810440
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c3ef5fcd1f907cf3afa50fc9ec80f3a99260751d278d5dd87d710224d203246
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D32E430B18A8D4FE755EF28C860AB9BBE1EF5A304F1541B9D48DCB2E6DE34A941C741
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000027.00000003.2594079046.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1e3e44f04e806cbbdc3e6cef32d48efc271798438cdb3b25c1f4c30878728e1e
                                                                                                                                                                                                          • Instruction ID: b1c22297ac23b86af9e32b5af12472776f3243bc890fd7a56cdb2bbcb582050e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e3e44f04e806cbbdc3e6cef32d48efc271798438cdb3b25c1f4c30878728e1e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34E11931B1DA894FD75DAB2C94255BD77E2EF9A304B1501BEE04EC72E3CE34A9029381
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000027.00000003.2594079046.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 84e14f4be4db6bcd8a9bb452afd70184eab7e08cea33b6fb454fe9c17358d836
                                                                                                                                                                                                          • Instruction ID: f1878e691415b9b759bedcf2d9496b25b303519d1373f32c935ed2d81d426613
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84e14f4be4db6bcd8a9bb452afd70184eab7e08cea33b6fb454fe9c17358d836
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7E11930B1DA894FD75DAB2C94255BD77E2EF9A304B1501BEE04EC72E7CE34A9029381
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000027.00000003.2594079046.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7009b96eddd7628cd4d1cf61d03dd3c7c8551bd798743fb4700fc1136896f1d6
                                                                                                                                                                                                          • Instruction ID: 182d1933aa6a9f5aa81973a8adcb22bf3fdc0c4b2c7dfe488f6d73f202f893d6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7009b96eddd7628cd4d1cf61d03dd3c7c8551bd798743fb4700fc1136896f1d6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35E12630B1DA894FD75DAF2C94255B9B7E2EF99304B1501BEE04EC72E7CE34A9029381
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000027.00000003.2594079046.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ce626386d1d9bacf6575478c649a516222ead160cd9e5ba919c7dbe5900f4782
                                                                                                                                                                                                          • Instruction ID: ed48925129375f1a8b9753a960460ac57421b55b69d3c17c499a691f0f1ff870
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce626386d1d9bacf6575478c649a516222ead160cd9e5ba919c7dbe5900f4782
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04A14721F0E65E0FE76966B858365F97BD1DF8A324F1501BAE40EC72E3EC186D029781
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000027.00000003.2594079046.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b232ee451920f5dfd6aa6e638bf369a02a97d0a95f3d2d0081dfbf70364c7a7c
                                                                                                                                                                                                          • Instruction ID: f89439742afeffc0e4971b82aff94b5006d14060ca1d5c24bcdb2bcf0b1b0838
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b232ee451920f5dfd6aa6e638bf369a02a97d0a95f3d2d0081dfbf70364c7a7c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A491382160E6C94FE7A6977C98756717FE0EF53328B0901FED0D9C70A3E908A946C742
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000027.00000003.2594079046.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 815d608c2042faa00b29ca3926bb8cad169cffa8b0e7e21f03710ccc25bc52c6
                                                                                                                                                                                                          • Instruction ID: 53e9dd25731443448a416bf43322db825a869013363f8440ab758ca65c8a81fa
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 815d608c2042faa00b29ca3926bb8cad169cffa8b0e7e21f03710ccc25bc52c6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2181D630A09ACD4FDB95DF2C88615EA7BE1EF5B304B5901E6D48CCB2A3CD34AD429781
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000027.00000003.2594079046.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fa5e8f4c2447cef5f929b309eee25f1b7b18717366982591179f526c35e0b267
                                                                                                                                                                                                          • Instruction ID: 57198f8b1f37276c7b36284c69dadb0fa71d87e8ea4ec1b3757612a6c31b0776
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa5e8f4c2447cef5f929b309eee25f1b7b18717366982591179f526c35e0b267
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D361A730B08A8D4FDB95EF2C84615EABBE1EF5A304B5505F6D44DCB3A6CE31AD429780
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000027.00000003.2594079046.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq$$dq
                                                                                                                                                                                                          • API String ID: 0-2340669324
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq
                                                                                                                                                                                                          • API String ID: 0-847773763
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 2d8e0629c6788a3402b5c3fd2637afe97db11c1d700d1501e6ac7d66547cefe6
                                                                                                                                                                                                          • Instruction ID: 20296ee405c46bccd0a7fa1097f42c3d361de5edcd9d6c77b22eb3b4a32f866d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d8e0629c6788a3402b5c3fd2637afe97db11c1d700d1501e6ac7d66547cefe6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D3104B1D012489FCB24DFAAC995BDEBBF6EF48300F14846AE409BB250CB755945CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ef2edf051488f09bd311f48d45bf97e070df57ad21c2555d127da76dee1b0e7d
                                                                                                                                                                                                          • Instruction ID: 2ca758b638287c70e48b61d41f9dc5182a334827a9c29fc6a7fea28b5acb4775
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef2edf051488f09bd311f48d45bf97e070df57ad21c2555d127da76dee1b0e7d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C3112B1D012489FDB14DFEAC985BDEBBF5AF48304F14806AE419BB290CB785945CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b3d9ddf9c2445a87d7f144bc68b3ea8c0a11cc0d91b7591de400fecd19603865
                                                                                                                                                                                                          • Instruction ID: 89860c3bc55befa3c00d23e303e88010b34a1dad1d3ac1d6778d3071661a2433
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3d9ddf9c2445a87d7f144bc68b3ea8c0a11cc0d91b7591de400fecd19603865
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 193103B1C002889FDB24DFA9C884ADEBFF5AF48310F24856AE419BB251CB755845CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6dae2fa01be86742898a40b685fe0f779bfcf5c0e407c211a15a1f9b4ffa4d57
                                                                                                                                                                                                          • Instruction ID: 7e543cc8b348efc75565ee41c737d33e64376a8c3d54e9add24bb69d3b8229cc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6dae2fa01be86742898a40b685fe0f779bfcf5c0e407c211a15a1f9b4ffa4d57
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B721D5306147518FDF16B67688202AF77F7EBC5704F1444AAC9099B399EB799C0ACBC1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 05c6dd5a7fc8b1d43073f98dff41303b7678e019c30a9d049bd6b063b31fba2e
                                                                                                                                                                                                          • Instruction ID: 098bb21110c1c948faa570f6af79915fe5dee5496f99fc2f61dd9bc1f5d78dd1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05c6dd5a7fc8b1d43073f98dff41303b7678e019c30a9d049bd6b063b31fba2e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C31F4B1C002589FDB14DFAAD885ADEBFF8EF49310F24846AE419BB251CB755845CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: db2cba447c59726b473203ca516a9fc4b83de616607b1e500fed0afb4f38ac88
                                                                                                                                                                                                          • Instruction ID: c2e2324ba918ac154d143f3ccc4570b51c48a57397cdb95e6adb8ad2b1583469
                                                                                                                                                                                                          • Opcode Fuzzy Hash: db2cba447c59726b473203ca516a9fc4b83de616607b1e500fed0afb4f38ac88
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E031D5B1C002589FDB24DF99C484ADEFFF9EF49310F24846AE419BB250CB755945CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c25174122dfce8a29b5c0aa0ec72abb88f356eb1a6e1a32a9f42da55d8eb69f6
                                                                                                                                                                                                          • Instruction ID: b597575d1a7a9d12600160cc389945bfa24c20f48ddc7d780b5c287c20e3c076
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c25174122dfce8a29b5c0aa0ec72abb88f356eb1a6e1a32a9f42da55d8eb69f6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0421D0B1C002589FCB14DFAAD884ADEBFF8EF48310F24846AE419BB250CB755945CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1e9c533610e8f0d77ab955d615437a652c6ec63bb2f90a12c809a27c334514cc
                                                                                                                                                                                                          • Instruction ID: 4a3c5971a54c2e77edc77878dfc26fc6dda1be1517632e49d765e1fbb5798330
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e9c533610e8f0d77ab955d615437a652c6ec63bb2f90a12c809a27c334514cc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51F0E571A09348AFD701DB75AC6299A7FEA9B82304719C4EED109CB183ED309A429381
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 493f468bad067e2c1bd9d4f6e6cc416b83463ef93730b10624eec93e17cee791
                                                                                                                                                                                                          • Instruction ID: 08f38d67edc183613dd6ad17562d65ead26041a48363c82873e9004655c8b188
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 493f468bad067e2c1bd9d4f6e6cc416b83463ef93730b10624eec93e17cee791
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6AF0A071A05648BFDB01DF709D5199A7BEADB86304754C4E9D208CB252E9318B0187D0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000028.00000002.2572548643.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_b60000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000002A.00000002.2576413278.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_42_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000002A.00000002.2576413278.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_42_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000002C.00000002.2583687470.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_44_2_2450000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: <Ps$<Ps$PWs
                                                                                                                                                                                                          • API String ID: 0-3872710081
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000002C.00000002.2583687470.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_44_2_2450000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: pUs$pUs$Os
                                                                                                                                                                                                          • API String ID: 0-533358
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000002C.00000002.2583687470.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_44_2_2450000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq$$dq
                                                                                                                                                                                                          • API String ID: 0-2340669324
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 0000002C.00000002.2583687470.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_44_2_2450000_DefMic.jbxd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a58d3b2d93405dbb580332f264f016fea349d51220dfbd0a727e7547f5189186
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C33103B1C002589FDB14CFAAD884B9EBFB8AF08310F24802AE849BB241CB755945CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000002C.00000002.2583687470.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_44_2_2450000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 15b859e9594ce789094616da585420f87dc37661877df35eeeb7ceff1f24260d
                                                                                                                                                                                                          • Instruction ID: 1e580aaa34f08ac3cbed25a5415e89399f768ed174d2b8f1b457e3dde9ba13b0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15b859e9594ce789094616da585420f87dc37661877df35eeeb7ceff1f24260d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D31D6B1D002589FDB24DF99C484BDEBFF5AF48310F24802AE819A7251CB756945CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000002C.00000002.2583687470.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_44_2_2450000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d17a07334f879359249593e2b69c2351372cbacf9e2bbf593f95298badb2108c
                                                                                                                                                                                                          • Instruction ID: 7dbf341f70a29eb559b7118c0aae0fe6c4655472ce692ed1bbb2728916d22ebe
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d17a07334f879359249593e2b69c2351372cbacf9e2bbf593f95298badb2108c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC21D3B1D002589FDB15DFAAD884BDEBFF9BF48310F24802AE859BB241CB755945CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000002C.00000002.2583687470.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_44_2_2450000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ac191b8102651ec5d101a6e9bee83a5ffbff735a5e8509b7d2edefe987db3184
                                                                                                                                                                                                          • Instruction ID: 065474a875f67981394597bd697dbc88a393142ded948284052fc5602071421f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac191b8102651ec5d101a6e9bee83a5ffbff735a5e8509b7d2edefe987db3184
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14F0A730A09259AFDB10CB71DD516697BAB9B82204705C8AED54DC7152EA389E019355
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000002C.00000002.2583687470.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_44_2_2450000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d54e7a12d797ac5be768432b864c79c016b0f2ceddef0a9b779d61138122fefa
                                                                                                                                                                                                          • Instruction ID: 8c59d94f049cdd716ff598037f06a754956c47e4727eb5816748c4055b4cee5d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d54e7a12d797ac5be768432b864c79c016b0f2ceddef0a9b779d61138122fefa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06E09A31B00208EB8B00DFB1CD41E6EBBABDB85304B40C9A9E6098B211EA359A019B94
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000002C.00000002.2583687470.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_44_2_2450000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fd3ed21d55a60686ab0949bd6dfe725c689eecf227b166857454a514f2457cb5
                                                                                                                                                                                                          • Instruction ID: b105846350d0e346c7b553785dca85134a7f34ff7b10f1c2af417f2d6c9f3b8d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd3ed21d55a60686ab0949bd6dfe725c689eecf227b166857454a514f2457cb5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0D067757002298FCF00DBA8D4485DC77B0EB88715F0000A5E509DB261D7759855CB91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000002E.00000002.2593659387.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_46_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3be0bf847d39d2d0875e5cd1eaec34787fcec8f65773990de09d6c91ed868957
                                                                                                                                                                                                          • Instruction ID: ab1561c18d3dc3b2a34e2238a8a510388268936922be1a83ddee7623dea4f1f3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3be0bf847d39d2d0875e5cd1eaec34787fcec8f65773990de09d6c91ed868957
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2971C853B0FACD0BE776069C6C61135AF91DB97668B0903FBE0C8861FBD85A9E05D381
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000002E.00000002.2593659387.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_46_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8ffa4b71212f0b8d9a1a17963f20b7d6e102487088b30dcab1e7f92ed2a83e01
                                                                                                                                                                                                          • Instruction ID: 62de078f7a369aa7830a40a7e6cdda806884d609bd3aed979f34ace8eae38558
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ffa4b71212f0b8d9a1a17963f20b7d6e102487088b30dcab1e7f92ed2a83e01
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D21B431A0CA4C9FEB18DBA8D849AE9BBE0FF55321F00422FD049D3652DB756856CB81
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 2C_I
                                                                                                                                                                                                          • API String ID: 0-999908352
                                                                                                                                                                                                          • Opcode ID: 008764393e34352af1ebd7862aae3f4306509bb7eba2a1e4d55833733aba8cb1
                                                                                                                                                                                                          • Instruction ID: 97d16d86874d875e9d832545664631f8850c7149b66f26af1f6674571359258a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 008764393e34352af1ebd7862aae3f4306509bb7eba2a1e4d55833733aba8cb1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D523A63B0F6C44FFB354AAC58651786BD2EF962A4B1901FBD098C71FBE854AD02E341
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 76a3654c39c7f75114af9ffcf34246c3f3d67b05813f0e0ca66583e0d2ddabd9
                                                                                                                                                                                                          • Instruction ID: 834587d3e6bf511869d1d59ae40a6f96c50b45b694ad4e44e1df9a7417632f93
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76a3654c39c7f75114af9ffcf34246c3f3d67b05813f0e0ca66583e0d2ddabd9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2E14A62B0F6C90FE77946AC18691786BD2EF9A268B1901FFD099C71F7DC14AD02D341
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 9b404bdf425ef0bbefc714324858f029c27f3cf8bf098a3aec60cde85f73f4f0
                                                                                                                                                                                                          • Instruction ID: 94124d8c5aa4ead8b9d4b46a10110d22810b3e6dfd26289acbd7bba42277038a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b404bdf425ef0bbefc714324858f029c27f3cf8bf098a3aec60cde85f73f4f0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD91262160F6C94FE766977C98656B17FE4EF53228B0901FEE0D9C70A3E908A846C742
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: cfbc7e9d2fac2894ba4d6163462690757ce51ff563418987dba61c4fb61a83f9
                                                                                                                                                                                                          • Instruction ID: 79f5977a52f1a679b61dd68436e219a24513ca8818f8183865e69568bca56fa8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cfbc7e9d2fac2894ba4d6163462690757ce51ff563418987dba61c4fb61a83f9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44A10917B1E1A90AD715B7BCB8A65E57F61EF4223870843F7D0DD8F0D7DC08648A8295
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 23ce5e9929093fb713e671b3759b8a2338926fa34d77108cbfdfd77aa467a1c8
                                                                                                                                                                                                          • Instruction ID: 354431e6d4ebffd6139b429687a6fd3a5aed6fdb974dd52db04ab3b711c00a9c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23ce5e9929093fb713e671b3759b8a2338926fa34d77108cbfdfd77aa467a1c8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E61F412F0EA9A0FF7B962A814762B92BD1EF49714F5601FED04DC71E3EC0C99465381
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c923dab2f18949025e75b2d3ca658dbef5a8fac5f5561ab5f200b2c733c64850
                                                                                                                                                                                                          • Instruction ID: c449b7887a08e325922f200a7c0b3cd3b2c3ddd938fc9d438273648f2a4f84ee
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c923dab2f18949025e75b2d3ca658dbef5a8fac5f5561ab5f200b2c733c64850
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30512622F1FA9E0FE7B552B818362B93BD1DF8A268B5601B6D45DC72E3EC0C6D025341
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 453f9d158a56208b074aee34e951d8e3d3536a5dc155a99292dc7665889c1e25
                                                                                                                                                                                                          • Instruction ID: f8be004cecee0f9ae64dcc6fd3ad71dd9ea3576ca624cbab69e589750fcf9c77
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 453f9d158a56208b074aee34e951d8e3d3536a5dc155a99292dc7665889c1e25
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D951E530A0DA4D8FDB65EFACD8699E97BE0FF59314B1404ABE449C32A2DA35A851C740
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e83f04a39c7f387a9cab9533c532c90a8b304ced5b482b34ac8ddde4d35a6f14
                                                                                                                                                                                                          • Instruction ID: 09386ecda23cf2dd8b62be3128a3a8a8c3e627efcc2d3f9c6c39b527f9e73f2d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e83f04a39c7f387a9cab9533c532c90a8b304ced5b482b34ac8ddde4d35a6f14
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02511370B0DA894FD719EF7884665A9BBE1EF49304B1404FED04ECB2E7DE28A446C741
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bcef8da30eda38eb002c293eb4905bcba95ca724975309f74aaecc8a1102c8d8
                                                                                                                                                                                                          • Instruction ID: d1a200257ee3b37214fe4defed3743fcbfbc4b06dfbbd856fbc54db6163930d3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bcef8da30eda38eb002c293eb4905bcba95ca724975309f74aaecc8a1102c8d8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8410511E1FB9A0FE7AA976848756A53FA1DF57264B0601FBC058CB0E3EC4C5946C342
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: a3d36f32815da33b95fb13657391309a10c7ebed53681f96b8af91c823c02e0b
                                                                                                                                                                                                          • Instruction ID: dfd7971588b019ae38a20d29bef24bec549c49a9de013a27160e949bcc0e50ef
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3d36f32815da33b95fb13657391309a10c7ebed53681f96b8af91c823c02e0b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE41E230A1E7C94FDB2A9BA958646F57FA0EF13329F0801BFD099C31A3CA582516C746
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000030.00000003.2623917640.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_48_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq$$dq
                                                                                                                                                                                                          • API String ID: 0-2340669324
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $dq
                                                                                                                                                                                                          • API String ID: 0-847773763
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6400d07e518139287eef9ed740e60c2009b9f1b06a5264054e3790d0ed712b38
                                                                                                                                                                                                          • Instruction ID: 0943d897f2cc6a6b2e455c8120ebc75f2e8cac05f0c42f1730563726939b83ca
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6400d07e518139287eef9ed740e60c2009b9f1b06a5264054e3790d0ed712b38
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D021A2316183940FC383973D94640B97FE6EFE2221B5A499FD48A8F172DB645D8AC361
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 422e7d0797123cace314052412d54b69b201483660400860a397b8c5cf42c89e
                                                                                                                                                                                                          • Instruction ID: 41efa337f025adfaa648020ae656edefb10eba712a74d539e1c74af79f3ff1de
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 422e7d0797123cace314052412d54b69b201483660400860a397b8c5cf42c89e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E516032E50B0AA6E710DBA5CC45699F372FF9A700F61CB1AF6483B191EBB0A5C4C641
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fdb57aee4bdd0c8b43e46aaf9254663c3abcbf1c0dbe729d7d45b23b9644a692
                                                                                                                                                                                                          • Instruction ID: 4bada411c6f5807796091a600204d4c908cf85afe81c71c225248a98026f0c19
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fdb57aee4bdd0c8b43e46aaf9254663c3abcbf1c0dbe729d7d45b23b9644a692
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C513E32E50B0AA6E710DBA5CC45A99F372FFD9700F61CB16F6483B195EBB0A1D4C681
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 954aae96eb6db95261461f42d49494ed07d2ca8d90f1c1108db0f8e2165680f7
                                                                                                                                                                                                          • Instruction ID: 567ac6d1ec6076e1130d7b346af82b54b149490921e38af61d38b4be15568ffc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 954aae96eb6db95261461f42d49494ed07d2ca8d90f1c1108db0f8e2165680f7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06415F32E00B4A9BCB11DFB9C8504DDF7B2FF95300B11C62AD555BB125EB30A586CB80
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 692cf1610fbd5138dd5854acc77d6c7a8c07d578f2b515d2bd204370d50de6a5
                                                                                                                                                                                                          • Instruction ID: a32e4ed554c73c6180a49e61be307d6c108a700a1ad71da421c190fa8c18168c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 692cf1610fbd5138dd5854acc77d6c7a8c07d578f2b515d2bd204370d50de6a5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D34102B1C103599ACB10DFAAC944ADEFBB5EF58300F20822AD419BB254D7746A49CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 544b778a85e9f1bd3161d586f4ed0f01d572d3e2f0f145b45ee1038cb1b8fcb9
                                                                                                                                                                                                          • Instruction ID: b42cac0c084e55eb31808342643c3dc363854bfcec79981a907840c52d238444
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 544b778a85e9f1bd3161d586f4ed0f01d572d3e2f0f145b45ee1038cb1b8fcb9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76316132E1070A9BDB11DFB9D8944EEF7B2FF95300F51C66AE515A7221EB30A585CB80
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6dadc9a69dfc41120925862973c4d960f6d0b928bbc98acdd82cf62ed4f6bbb6
                                                                                                                                                                                                          • Instruction ID: a7dd22ccef4efcc1d47bb98ac51b51464b23d0191e60a815ce900ab666954c3b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6dadc9a69dfc41120925862973c4d960f6d0b928bbc98acdd82cf62ed4f6bbb6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6241F5B1D012489FDB14DFA9C984BDEBFF6AF58300F10802AE515BB260CB746945CF51
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: db3215d6ce965fea4393c2ed7a8f2e434213f6c73ecf7949f2fb2a4e1d07ba82
                                                                                                                                                                                                          • Instruction ID: f05beddc4264c12e35713dca49f5b72dddf798d28e42a65b48a95719abfc9868
                                                                                                                                                                                                          • Opcode Fuzzy Hash: db3215d6ce965fea4393c2ed7a8f2e434213f6c73ecf7949f2fb2a4e1d07ba82
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 674124B5D012489FDB24DFAAC984BDEBFF6AF58304F50802AE405AB2A0DB745945CF50
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f32cbf1c0b208031c347988f93f2a20317e5c23c36e12d6a735f1679f54975db
                                                                                                                                                                                                          • Instruction ID: ec51eac830788f02a54de4bd745ed0f10ceb556f70014189d1df86213e03ad8e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f32cbf1c0b208031c347988f93f2a20317e5c23c36e12d6a735f1679f54975db
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 544125B1C1035DDACB10DFAAC944ADEFBB5BF58300F20812AD419BB250DB706A45CF90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8e8a34b531c207af65a71308a072d9098bc64c0ccfa1e8be83a3b131810cd490
                                                                                                                                                                                                          • Instruction ID: 98633bae138a3a20eaf24227b0f82f7a7aee2edb19f8a0f3dd0bf412782df0cf
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e8a34b531c207af65a71308a072d9098bc64c0ccfa1e8be83a3b131810cd490
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80F02771A00249AFC794CF708C549BE7BF6DB91204B0585AEC40DC7121D9318A029780
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b59180bd3b4b6098626fe7b20fb3ffb317c059cc0f44ac8e018489c43032c021
                                                                                                                                                                                                          • Instruction ID: 2cea0256918e4402d5e50154a046d197c59a4b98bf2731eb6b99f05816556dc6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b59180bd3b4b6098626fe7b20fb3ffb317c059cc0f44ac8e018489c43032c021
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63F01270A01219EFCB54EFB8F54459C7BB1FB54601F5045ADD809D7225EB316E448B50
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 62ef7994ccc74f39944e149d0d9b43beafca54453e65dfa15c902b29703426c2
                                                                                                                                                                                                          • Instruction ID: 8ba3f83335315cc0f43b302a3cef622267f99b986b8a4a0e7d7c768a6b2684a4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62ef7994ccc74f39944e149d0d9b43beafca54453e65dfa15c902b29703426c2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84E0C2716087540FC382EFACA4200B93BF2EBE5222B1546AFE8498F266CF745D45C3D6
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000031.00000002.2622431836.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_49_2_14a0000_DefMic.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 9c37af95a1dbd8283e51a935a5f75625aca4e3c4df9f749c90fa8fc7448e35ac
                                                                                                                                                                                                          • Instruction ID: 49880403e928dee6f890d5a91a6f82aad633b0a241c6b500cfd5fa2ddd6da0ac
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c37af95a1dbd8283e51a935a5f75625aca4e3c4df9f749c90fa8fc7448e35ac
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6D067757002198FCF00DBA8D4585DC77B0EB99615F0001A5E109DB260D77598558B91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000033.00000003.2632888696.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_51_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 6OJ
                                                                                                                                                                                                          • API String ID: 0-3931202320
                                                                                                                                                                                                          • Opcode ID: 524e9d7ce934b88d7873ae83609af4700e44a9e6cc45ae5ecbfb5e32bebc4d6e
                                                                                                                                                                                                          • Instruction ID: ccf88f120fa8add19b46584202d5649bcbe150077648a3eaf5f69a1be03f26d7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 524e9d7ce934b88d7873ae83609af4700e44a9e6cc45ae5ecbfb5e32bebc4d6e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 39916A2160E6D90FE766977D98746753FE0EF53328B0A01FBD1D9C70A3E9086846CB42
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000033.00000003.2632888696.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_51_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 407ac5c472ec4feac009377b415e82a102273ca8f8bffad2b755a625bce06e27
                                                                                                                                                                                                          • Instruction ID: 3974120e9fec06dd642862e0b095f71fd1ccb2cafd0a8ed5e04607914dd0009c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 407ac5c472ec4feac009377b415e82a102273ca8f8bffad2b755a625bce06e27
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10227772B1F6C90FEB789AAC586517C7BA2EF95314B1900BBE089C71EBDC24AD01D741
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000033.00000003.2632888696.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_51_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e5647ef45a3503552210d6661b63628a586eadfd8abba6544d9932f32a02ad22
                                                                                                                                                                                                          • Instruction ID: f85da9b4ae1e686fa8bd1b3b1316d494fac75f608d62decc923de343c718adc0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5647ef45a3503552210d6661b63628a586eadfd8abba6544d9932f32a02ad22
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1B14721F0E66A0FE76967B858321BD7B95DF8A324F0501BBD109C72E7DC1C69029B41
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000033.00000003.2632888696.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_51_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 6OJ
                                                                                                                                                                                                          • API String ID: 0-3931202320
                                                                                                                                                                                                          • Opcode ID: d09f887b2f948a4f25dc2e1a364319bd5ed98c9c968f73aaab4e78ea9287f737
                                                                                                                                                                                                          • Instruction ID: a0603b19b2d04077c0ea694f1e3aa2b7382d6dd6a9753c3765ea021110da9ab5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d09f887b2f948a4f25dc2e1a364319bd5ed98c9c968f73aaab4e78ea9287f737
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF51BD30B18A1C8FEB94EF6CD855AED77E1FF68315F1501AAE409C72A2DA35EC418B40
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000033.00000003.2632888696.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_51_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: x6OJ
                                                                                                                                                                                                          • API String ID: 0-1321284873
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000033.00000003.2632888696.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_51_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: x6OJ
                                                                                                                                                                                                          • API String ID: 0-1321284873
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000033.00000003.2632888696.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_51_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000033.00000003.2632888696.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_51_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000033.00000003.2632888696.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_51_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000033.00000003.2632888696.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_51_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%