Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Setup_BrightSlide_1.0.9.exe

Overview

General Information

Sample name:Setup_BrightSlide_1.0.9.exe
Analysis ID:1591753
MD5:65b4fe10012bde699554a767c31c2416
SHA1:eef1e709334083b0a95a64566aa3bec910827b86
SHA256:d07cdeea86a5d640d77d6a99aefadb541278ee113b3f6d3cf744b490c9bfebea
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:49
Range:0 - 100

Signatures

AI detected landing page (webpage, office document or email)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Adds / modifies Windows certificates
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Suspicious Office Outbound Connections
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64_ra
  • Setup_BrightSlide_1.0.9.exe (PID: 6996 cmdline: "C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exe" MD5: 65B4FE10012BDE699554A767C31C2416)
    • Setup_BrightSlide_1.0.9.tmp (PID: 7016 cmdline: "C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp" /SL5="$50324,7520305,874496,C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exe" MD5: A568EDB5FBEF438C94BB64A4BF9B766F)
      • BrightSlide Assets.exe (PID: 6712 cmdline: "C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe" MD5: EBC42D87DE3C7CE97839AB45C7A64C3E)
        • msiexec.exe (PID: 4872 cmdline: "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\BrightCarbon\BrightSlide Assets 1.0.1\install\BrightSlide Assets.msi" AI_SETUPEXEPATH="C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe" SETUPEXEDIR=C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1736938783 " MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • POWERPNT.EXE (PID: 3312 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE" MD5: 2A43FE7F9F699F7F53FEBC254F68F46D)
        • ai.exe (PID: 1100 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "468362C7-995A-47AF-9B87-E2D9CD529D1B" "DFAFD825-E62D-41DF-A2BB-96EF4102ACF3" "3312" "C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
        • chrome.exe (PID: 4048 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.brightcarbon.com/bs/made-by-brightcarbon/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 3224 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1984,i,3741964338929768798,12122937423442735485,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • msiexec.exe (PID: 4108 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 5996 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding AFC52F199AAED34CC8831814EF36D306 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 1468 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 0B7DC241D0BA1BB98399486BD0215E57 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp, ProcessId: 7016, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\AddIns\BrightSlide\AutoLoad
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.16, DestinationIsIpv6: false, DestinationPort: 49715, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE, Initiated: true, ProcessId: 3312, Protocol: tcp, SourceIp: 13.107.246.45, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-15T12:02:13.030269+010020283713Unknown Traffic192.168.2.164971513.107.246.45443TCP
2025-01-15T12:02:13.030269+010020283713Unknown Traffic192.168.2.164971513.107.246.45443TCP
2025-01-15T12:02:13.030269+010020283713Unknown Traffic192.168.2.164971513.107.246.45443TCP
2025-01-15T12:02:19.391464+010020283713Unknown Traffic192.168.2.164971713.107.246.45443TCP
2025-01-15T12:02:19.391464+010020283713Unknown Traffic192.168.2.164971713.107.246.45443TCP
2025-01-15T12:02:19.391464+010020283713Unknown Traffic192.168.2.164971713.107.246.45443TCP
2025-01-15T12:02:19.399560+010020283713Unknown Traffic192.168.2.164971613.107.246.45443TCP
2025-01-15T12:02:19.399560+010020283713Unknown Traffic192.168.2.164971613.107.246.45443TCP
2025-01-15T12:02:19.399560+010020283713Unknown Traffic192.168.2.164971613.107.246.45443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
AI detected landing page (webpage, office document or email)
Source: Screenshot id: 17Joe Sandbox AI: Screenshot id: 17 contains prominent button: 'submit'

Compliance

barindex
Uses 32bit PE files
Source: Setup_BrightSlide_1.0.9.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Creates a software uninstall entry
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29BB97A8-45FC-480D-A789-DF0212601E9F}_is1
PE / OLE file has a valid certificate
Source: Setup_BrightSlide_1.0.9.exeStatic PE information: certificate valid
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Uses secure TLS version for HTTPS connections
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 67.205.165.18:443 -> 192.168.2.16:49720 version: TLS 1.2
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: Setup_BrightSlide_1.0.9.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: z:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: x:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: v:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: t:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: r:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: p:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: n:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: l:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: j:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: h:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: f:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: b:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: y:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: w:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: u:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: s:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: q:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: o:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: m:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: k:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: i:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: g:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: e:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: c:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: a:
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\AddIns
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Users\user\AppData
Source: powerpnt.exeMemory has grown: Private usage: 14MB later: 87MB
Source: chrome.exeMemory has grown: Private usage: 18MB later: 27MB
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49715 -> 13.107.246.45:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49716 -> 13.107.246.45:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49717 -> 13.107.246.45:443
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: brightcarbon.com
Source: global trafficDNS traffic detected: DNS query: www.brightcarbon.com
Source: global trafficDNS traffic detected: DNS query: code.jquery.com
Source: global trafficDNS traffic detected: DNS query: i.vimeocdn.com
Source: global trafficDNS traffic detected: DNS query: f.vimeocdn.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 67.205.165.18:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\6b4bc6.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4D4C.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4DAB.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4DCB.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4DFB.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{68AC05C9-7229-49B6-8984-60B9B6235670}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4E4A.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4E5B.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4ED9.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Fonts\BrightSlideAssets-Regular.otf
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\6b4bc9.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\6b4bc9.msi
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI4D4C.tmp
Source: Setup_BrightSlide_1.0.9.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engineClassification label: mal48.evad.winEXE@29/64@11/72
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeFile created: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Process Where Name="PowerPnt.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Process Where Name="PowerPnt.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Process Where Name="PowerPnt.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Process Where Name="PowerPnt.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Process Where Name="PowerPnt.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Process Where Name="PowerPnt.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeFile read: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exe
Source: unknownProcess created: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exe "C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exe"
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeProcess created: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp "C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp" /SL5="$50324,7520305,874496,C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exe"
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeProcess created: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp "C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp" /SL5="$50324,7520305,874496,C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe "C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding AFC52F199AAED34CC8831814EF36D306 C
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\BrightCarbon\BrightSlide Assets 1.0.1\install\BrightSlide Assets.msi" AI_SETUPEXEPATH="C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe" SETUPEXEDIR=C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1736938783 "
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0B7DC241D0BA1BB98399486BD0215E57
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe "C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "468362C7-995A-47AF-9B87-E2D9CD529D1B" "DFAFD825-E62D-41DF-A2BB-96EF4102ACF3" "3312" "C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\BrightCarbon\BrightSlide Assets 1.0.1\install\BrightSlide Assets.msi" AI_SETUPEXEPATH="C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe" SETUPEXEDIR=C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1736938783 "
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding AFC52F199AAED34CC8831814EF36D306 C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0B7DC241D0BA1BB98399486BD0215E57
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.brightcarbon.com/bs/made-by-brightcarbon/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1984,i,3741964338929768798,12122937423442735485,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "468362C7-995A-47AF-9B87-E2D9CD529D1B" "DFAFD825-E62D-41DF-A2BB-96EF4102ACF3" "3312" "C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.brightcarbon.com/bs/made-by-brightcarbon/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1984,i,3741964338929768798,12122937423442735485,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: msi.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: davhlpr.dllole32.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: lpk.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: msihnd.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: tsappcmp.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: msisip.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeSection loaded: mstask.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: pcacli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dwrite.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpWindow found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Security\Trusted Locations
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29BB97A8-45FC-480D-A789-DF0212601E9F}_is1
Source: Setup_BrightSlide_1.0.9.exeStatic PE information: certificate valid
Source: Setup_BrightSlide_1.0.9.exeStatic file information: File size 8430600 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: Setup_BrightSlide_1.0.9.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Setup_BrightSlide_1.0.9.exeStatic PE information: section name: .didata
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-P0B7F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4ED9.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile created: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4DAB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile created: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\is-FDGO4.tmpJump to dropped file
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeFile created: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeFile created: C:\Users\user\AppData\Local\Temp\shiBE75.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4ED9.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4DAB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrightSlide
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrightSlide\Online Support.url
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrightSlide\Uninstall BrightSlide.lnk
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeRegistry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA
Source: C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXEWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-P0B7F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI4ED9.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI4DAB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiBE75.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe TID: 7076Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeFile Volume queried: C:\Users\user\AppData\Roaming FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeFile Volume queried: C:\Users\user\AppData\Roaming\BrightCarbon\BrightSlide Assets 1.0.1\install FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeFile Volume queried: C:\Users\user\AppData\Roaming\BrightCarbon\BrightSlide Assets 1.0.1\install FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\AddIns
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpFile opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE"
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\brightcarbon\brightslide assets 1.0.1\install\brightslide assets.msi" ai_setupexepath="c:\users\user\appdata\local\temp\is-5rq9g.tmp\brightslide assets.exe" setupexedir=c:\users\user\appdata\local\temp\is-5rq9g.tmp\ exe_cmd_line="/exenoupdates /forcecleanup /wintime 1736938783 "
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\brightcarbon\brightslide assets 1.0.1\install\brightslide assets.msi" ai_setupexepath="c:\users\user\appdata\local\temp\is-5rq9g.tmp\brightslide assets.exe" setupexedir=c:\users\user\appdata\local\temp\is-5rq9g.tmp\ exe_cmd_line="/exenoupdates /forcecleanup /wintime 1736938783 "
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmpQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\PowerPointCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		11
Windows Management Instrumentation		1
Windows Service		1
Windows Service		21
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Command and Scripting Interpreter		1
Browser Extensions		11
Process Injection		1
Disable or Modify Tools		LSASS Memory1
Query Registry		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		111
Virtualization/Sandbox Evasion		Security Account Manager111
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCron1
DLL Side-Loading		1
DLL Side-Loading		11
Process Injection		NTDS1
Process Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
Extra Window Memory Injection		1
DLL Side-Loading		LSA Secrets11
Peripheral Device Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
File Deletion		Cached Domain Credentials2
System Owner/User Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Extra Window Memory Injection		DCSync2
File and Directory Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem25
System Information Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Setup_BrightSlide_1.0.9.exe4%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\_isetup\_setup64.tmp0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\_isetup\_setup64.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp1%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe (copy)0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe (copy)0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\shiBE75.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\shiBE75.tmp0%VirustotalBrowse
C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-P0B7F.tmp1%VirustotalBrowse
C:\Windows\Installer\MSI4DAB.tmp0%ReversingLabs
C:\Windows\Installer\MSI4DAB.tmp0%VirustotalBrowse
C:\Windows\Installer\MSI4ED9.tmp0%ReversingLabs
C:\Windows\Installer\MSI4ED9.tmp0%VirustotalBrowse

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
vimeo.map.fastly.net
151.101.0.217
truefalse
    		high
    code.jquery.com
    		151.101.66.137
    		truefalse
      		high
      s-part-0017.t-0009.t-msedge.net
      		13.107.246.45
      		truefalse
        		high
        brightcarbon.com
        		67.205.165.18
        		truefalse
          		unknown
          www.google.com
          		142.250.186.100
          		truefalse
            		high
            www.brightcarbon.com
            		unknown
            		unknownfalse
              		unknown
              f.vimeocdn.com
              		unknown
              		unknownfalse
                		high
                i.vimeocdn.com
                		unknown
                		unknownfalse
                  		high

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  52.113.194.132
                  		unknownUnited States
                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  142.250.186.35
                  		unknownUnited States
                  		15169GOOGLEUSfalse
                  104.18.38.233
                  		unknownUnited States
                  		13335CLOUDFLARENETUSfalse
                  1.1.1.1
                  		unknownAustralia
                  		13335CLOUDFLARENETUSfalse
                  13.107.246.45
                  		s-part-0017.t-0009.t-msedge.netUnited States
                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  172.217.18.14
                  		unknownUnited States
                  		15169GOOGLEUSfalse
                  142.250.186.163
                  		unknownUnited States
                  		15169GOOGLEUSfalse
                  51.116.246.106
                  		unknownUnited Kingdom
                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  239.255.255.250
                  		unknownReserved
                  		unknownunknownfalse
                  142.250.185.163
                  		unknownUnited States
                  		15169GOOGLEUSfalse
                  67.205.165.18
                  		brightcarbon.comUnited States
                  		14061DIGITALOCEAN-ASNUSfalse
                  52.109.28.46
                  		unknownUnited States
                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  151.101.66.137
                  		code.jquery.comUnited States
                  		54113FASTLYUSfalse
                  2.23.242.162
                  		unknownEuropean Union
                  		8781QA-ISPQAfalse
                  66.102.1.84
                  		unknownUnited States
                  		15169GOOGLEUSfalse

                  General Information

                  Joe Sandbox version:42.0.0 Malachite
                  Analysis ID:1591753
                  Start date and time:2025-01-15 12:01:16 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:23
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • EGA enabled
                  Analysis Mode:stream
                  Analysis stop reason:Timeout
                  Sample name:Setup_BrightSlide_1.0.9.exe
                  Detection:MAL
                  Classification:mal48.evad.winEXE@29/64@11/72
                  Cookbook Comments:
                  • Found application associated with file extension: .exe

                  Warnings

                  • Exclude process from analysis (whitelisted): dllhost.exe
                  • Excluded IPs from analysis (whitelisted): 104.18.38.233, 172.64.149.23
                  • Excluded domains from analysis (whitelisted): fs.microsoft.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtCreateKey calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                  • Report size getting too big, too many NtSetInformationFile calls found.
                  • Report size getting too big, too many NtSetValueKey calls found.
                  • Timeout during stream target processing, analysis might miss dynamic analysis data
                  • VT rate limit hit for: brightcarbon.com

                  Created / dropped Files

                  C:\Config.Msi\6b4bc8.rbs

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:modified
                  Size (bytes):10890
                  Entropy (8bit):5.6469543593304685
                  Encrypted:false
                  SSDEEP:
                  MD5:B8F21D120B1D23F91236A4063613FBCF
                  SHA1:D41B443F4546E34BB7F80125B64839CD3752C18A
                  SHA-256:577FCA634AAE352269118A48F13B62089AC789428BAFFD68F51DBB08889549D7
                  SHA-512:73BB59E8FAD14B60FEDC759DA4C9BCE35733C953DCA5ADA4DF0FBEB8E89A513309CCDC0F292421BA98802EFE197F3AC1B1975DE3CB7E9ABFDCFEAC5EB5CADB8F
                  Malicious:false
                  Reputation:unknown
                  Preview:...@IXOS.@.....@@0/Z.@.....@.....@.....@.....@.....@......&.{68AC05C9-7229-49B6-8984-60B9B6235670}..BrightSlide Assets..BrightSlide Assets.msi.@.....@.....@.....@......BrightSlide.exe..&.{BEFE4E98-8143-4D7A-8348-E7CE415B24C8}.....@.....@.....@.....@.......@.....@.....@.......@......BrightSlide Assets......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{FFF2F492-33DD-4E46-A7D9-87B5EE380775}&.{68AC05C9-7229-49B6-8984-60B9B6235670}.@......&.{573C6F40-4E56-4707-AE35-18A68D6C9F52}&.{68AC05C9-7229-49B6-8984-60B9B6235670}.@......&.{BCEC89C2-CC02-4173-8A76-6A47C263C8A7}&.{68AC05C9-7229-49B6-8984-60B9B6235670}.@......&.{A4BD72AD-48F4-45B8-ABEE-7C7851273AA1}&.{68AC05C9-7229-49B6-8984-60B9B6235670}.@........CreateFolders..Creating folders..Folder: [1]"...C:\Windows\Fonts\.@..............4.......T...........P......8....\l#mW.wn..d.........P......8....\l#mW.wn..d...T.......(.............P......8....\l#mW.w

                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe
                  File Type:Certificate, Version=3
                  Category:dropped
                  Size (bytes):1410
                  Entropy (8bit):7.510392293831735
                  Encrypted:false
                  SSDEEP:
                  MD5:AB9B109CE8934F11E7CD22ED550680DA
                  SHA1:8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B
                  SHA-256:38392F17CE7B682C198D29C6E71D2740964A2074C8D2558E6CFF64C27823F129
                  SHA-512:678A8048E54A1323F8B5A8E735A1085A5BDD22BD2A3F5A975FD2824049725EB06405029901071356F42CDFD843712C05B418598FAD700AD7A1EDB1FA9B37AF20
                  Malicious:false
                  Reputation:unknown
                  Preview:0..~0..f.......g..>.{..O.......0...*.H........0{1.0...U....GB1.0...U....Greater Manchester1.0...U....Salford1.0...U....Comodo CA Limited1!0...U....AAA Certificate Services0...040101000000Z..281231235959Z0..1.0...U....GB1.0...U....Greater Manchester1.0...U....Salford1.0...U....COMODO CA Limited1+0)..U..."COMODO RSA Certification Authority0.."0...*.H.............0..........T...V...$...Dgt.+7.}#p.q.S...*..K..V..pr.a..K...=..a......>..>\...4z..k....zv.q.......l.....~.../O.....gCr.....k,.....~..n...$.Ckb.U....l.......li..xH0E...<E`.2.Q'.g....k.F.. ...e.H...N..F7....HCgNr*.\.L.(.\"{......Q...FNm>.....|3WA<.Q...\.,c..W.?..]..E..Z$...V=.o..IX.......7.....:..CB........`..(V......q....=...H.<...."L....V;...[..."R...i.Le..-pt..g.)iR....PjUF...(a.p...,!.G.(..Ev...'....P.k.L.q0.......@...B...3:.\.A..c..qk+..1\:jG..yY. ...j..r.WJ.K.....LA...=^(....Q.G.S........0..0...U.#..0......#>.....)...0..0...U........~.=...<....8...22.0...U...........0...U.......0....0...U. .

                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):298
                  Entropy (8bit):3.1627601409941186
                  Encrypted:false
                  SSDEEP:
                  MD5:A82C1F952A403C6184099A19FD414726
                  SHA1:237A2E03166515D955F46A0F27A77F9369405535
                  SHA-256:4AD3C7EDFD884CEF79A78EF6A095C4C860FE49BEF5028A1759EFEA742CCDBFAA
                  SHA-512:FCF009186343FA970CFF031660D83A1B0DC1628A7DD891A9E001A24AA48E3CFE0852A79FA9DAD579DE7785660617A4C08B146CDEE59BE380B8DEDCA2E7DE253C
                  Malicious:false
                  Reputation:unknown
                  Preview:p...... ....`....2j.<g..(....................................................... ..........2.....Q..V...............h.t.t.p.:././.c.r.t...c.o.m.o.d.o.c.a...c.o.m./.C.O.M.O.D.O.R.S.A.A.d.d.T.r.u.s.t.C.A...c.r.t...".8.d.4.c.4.a.2.3.b.a.9.e.e.8.4.e.a.7.3.4.8.f.a.9.8.c.c.6.e.6.5.f.b.b.6.9.d.e.7.b."...

                  C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd

                  Download File
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):152056
                  Entropy (8bit):4.414541271899777
                  Encrypted:false
                  SSDEEP:
                  MD5:651ACDED041920DEE113CDA7A52A7F4C
                  SHA1:6916C27682B51580BFE9CDE35DDC7EBFA8019440
                  SHA-256:044660F821866B3FD0CA26FBE3FBA6F3722B44B9DFE6AF24018301AEAA010817
                  SHA-512:45EB94D7CCC254608199A1DD3009E9E2AF61FEFA628E382FE1D76086D2C4168F23CA190648743B4213095BBBDF92F9DABBBD9B25AE7EFA3FD477F836AB6A47F4
                  Malicious:false
                  Reputation:unknown
                  Preview:MSFT................Q................................$......$....... ...................d.......,...........X....... ...........L...........x.......@...........l.......4...........`.......(...........T...................H...........t.......<...........h.......0...........\.......$...........P...........|.......D...........p.......8...........d.......,...........X....... ...........L...........x.......@........ ..l ... ..4!...!...!..`"..."..(#...#...#..T$...$...%...%...%..H&...&...'..t'...'..<(...(...)..h)...)..0*...*...*..\+...+..$,...,...,..P-...-......|.......D/.../...0..p0...0..81...1...2..d2...2..,3...3...3..X4...4.. 5...5...5..L6...6...7..x7...7..@8...8...9..l9...9..4:...:...:..`;...;..(<...<...<..T=...=...>...>...>..H?...?...@..t@...@..<A...A...B..hB.......B...........^...............g...............W...............F..............<G...............g...............i...I..............T..................................................................................................

                  C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:EBC42D87DE3C7CE97839AB45C7A64C3E
                  SHA1:D30AFB2625ABBB302722B13045F6F92EB0C1E512
                  SHA-256:9F02ED6C5F41D14055F8A1A6A31C1E2C8769DB5A5B0760F03EE28E966563A7AE
                  SHA-512:B3D7DD97DFB05DE92DB858A25A815A82EE4ED59116354F0BA7642F0AE0D022BEB4022E0900134A3CA7E9B1EA448647C4F0BD42D3DFC5E964DF9CB9A268E55D5D
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... .&.d~H.d~H.d~H.p.K.j~H.p.M..~H...L.w~H...K.s~H...M..~H.p.L.~~H.p.I.g~H.p.O.f~H.d~I..|H...A.F.H.....e~H.d~.e~H...J.e~H.Richd~H.........PE..L....#!_.........."......v...,......."............@........................... .....>@4...@..................................h..(........U............4.0....P..........p...................0...........@....................?..@....................text....t.......v.................. ..`.rdata...............z..............@..@.data....n.......V...b..............@....rsrc....U.......V..................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\_isetup\_setup64.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PE32+ executable (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):6144
                  Entropy (8bit):4.720366600008286
                  Encrypted:false
                  SSDEEP:
                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                  Malicious:false
                  Antivirus:
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\is-FDGO4.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):3421456
                  Entropy (8bit):6.430917262764361
                  Encrypted:false
                  SSDEEP:
                  MD5:EBC42D87DE3C7CE97839AB45C7A64C3E
                  SHA1:D30AFB2625ABBB302722B13045F6F92EB0C1E512
                  SHA-256:9F02ED6C5F41D14055F8A1A6A31C1E2C8769DB5A5B0760F03EE28E966563A7AE
                  SHA-512:B3D7DD97DFB05DE92DB858A25A815A82EE4ED59116354F0BA7642F0AE0D022BEB4022E0900134A3CA7E9B1EA448647C4F0BD42D3DFC5E964DF9CB9A268E55D5D
                  Malicious:false
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... .&.d~H.d~H.d~H.p.K.j~H.p.M..~H...L.w~H...K.s~H...M..~H.p.L.~~H.p.I.g~H.p.O.f~H.d~I..|H...A.F.H.....e~H.d~.e~H...J.e~H.Richd~H.........PE..L....#!_.........."......v...,......."............@........................... .....>@4...@..................................h..(........U............4.0....P..........p...................0...........@....................?..@....................text....t.......v.................. ..`.rdata...............z..............@..@.data....n.......V...b..............@....rsrc....U.......V..................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp

                  Download File
                  Process:C:\Users\user\Desktop\Setup_BrightSlide_1.0.9.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):3210752
                  Entropy (8bit):6.378559510651914
                  Encrypted:false
                  SSDEEP:
                  MD5:A568EDB5FBEF438C94BB64A4BF9B766F
                  SHA1:1B5DF4F27DF4DF386F37F00B5F5E7EED942CEBE7
                  SHA-256:05D38234C03D547B09A068D5BCDA0ABDF15D66776ED5C755000313A4AAC41100
                  SHA-512:7E16D631A40A4D1468EFC83EF85BFD92AAE846B0579465C27CC2D0A911D026D5F25F3813D263C5210EEE0F9765F65007603C2CCE6B686A4568C6E9C120A2A42C
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 1%, Browse
                  Reputation:unknown
                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,.........hf,......p,...@...........................1...........@......@....................-.......-..9......X............................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,..*...&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......*-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc...X.............-.............@..@..............1.......0.............@..@........................................................

                  C:\Users\user\AppData\Local\Temp\shiBE75.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):5038592
                  Entropy (8bit):6.043058205786219
                  Encrypted:false
                  SSDEEP:
                  MD5:11F7419009AF2874C4B0E4505D185D79
                  SHA1:451D8D0470CEDB268619BA1E7AE78ADAE0EBA692
                  SHA-256:AC24CCE72F82C3EBBE9E7E9B80004163B9EED54D30467ECE6157EE4061BEAC95
                  SHA-512:1EABBBFDF579A93BBB055B973AA3321FC8DC8DA1A36FDE2BA9A4D58E5751DC106A4A1BBC4AD1F425C082702D6FBB821AA1078BC5ADC6B2AD1B5CE12A68058805
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.D!...!...!...(.V.C...5..."...5...&...5...)...!......5...:...5... ...5...R...5.:. ...5... ...Rich!...................PE..d...p............." .........D...............................................`M.....'.M...`A........................................@.H.L&....I......@K.H.....I..............@M.....`J:.p.......................(....%..............@.......$.H......................text...4B.......D.................. ..`.wpp_sf.....`.......H.............. ..`.rdata...L*......N*.................@..@.data...hD...PI......*I.............@....pdata........I......2I.............@..@.didat.......0K.......J.............@....rsrc...H....@K.......J.............@..@.reloc.......@M.. ....L.............@..B........................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\~DF12EAAED836E94A9A.TMP

                  Download File
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):13312
                  Entropy (8bit):3.5673266724020847
                  Encrypted:false
                  SSDEEP:
                  MD5:43E2F84FA6B65828AC197D4D621D6889
                  SHA1:6143CBEDC49BB239DE503706FC5E44E86763AE2D
                  SHA-256:B8B15890622A485EF0FC12E81AD0FEDFA4B50B2FF1A681F7F0034CFCE1EEBCF1
                  SHA-512:F76439CC00BD573C5D73BC327F2D2E085343BFAE7237791BA250BE3F1752F1C25BEF1F823336834B622CA200AA69BAEED2B002EAB0A5026B878DCBAA741D4CEC
                  Malicious:false
                  Reputation:unknown
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\~DF2F2D873B1CA76580.TMP

                  Download File
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):13312
                  Entropy (8bit):3.569517455819853
                  Encrypted:false
                  SSDEEP:
                  MD5:B6C539FB3671BF7B9600BE928FAF6195
                  SHA1:F5FA470F3D7F457EE2B42F8BDE4CBCE4A91191F0
                  SHA-256:34AEB2D1A4D0F09799EC19813DE4FD7A40CC4FB201128B511B9EE5AB1724C071
                  SHA-512:7FDA75A48E0A8C6FFC0DCF45FE841796B4C8F8CE1D65E6D2063AB60479EE779C7D9CE76778B07468F340EAF216E4E3CB2E7EB8BA5EB90D53FB7A938D90459338
                  Malicious:false
                  Reputation:unknown
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\~DF31F60BA0F9E11D27.TMP

                  Download File
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):3.7208768708156468
                  Encrypted:false
                  SSDEEP:
                  MD5:DB43F4428CD0762BD2E966AF6C948501
                  SHA1:E4C0E6DD4E546414260A4D9DB08A01174650B2CA
                  SHA-256:724D6D1A9633241D02219E18FDC241906928DDEB6FDBCC3383F4C8F11EC0D860
                  SHA-512:CB09CC58B001A832DCB6806697ABE2C46B29978083F7FE0FE3FA38B54CC8BC717963D52988F46392C3C24B1759D34E86B66537817BCE04B59703AE0CCCEF0FAE
                  Malicious:false
                  Reputation:unknown
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\~DFA5F01B66EDA404AE.TMP

                  Download File
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):13312
                  Entropy (8bit):3.5714102720690137
                  Encrypted:false
                  SSDEEP:
                  MD5:25C31EB2F88A789F12B2E883DCDFAEAE
                  SHA1:8CC3F370ED172A21C95BF6A31E1C08174306ABAC
                  SHA-256:5E753EE02D3E99FEBB35AAC2B9C15D156EDB9C2CC4708F29A50ED9929AA1B182
                  SHA-512:A5ED3D8DF57B8966E210A5CCDD2EFBEF09F4E5814468FE4723AD9F6CEC320B7BB78269A81D7AFF211FB12CBF4251FDB80A1238B176074CB802414B74E33459AA
                  Malicious:false
                  Reputation:unknown
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\~DFC1E2CAE518CC85D0.TMP

                  Download File
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):13312
                  Entropy (8bit):3.5697561048758684
                  Encrypted:false
                  SSDEEP:
                  MD5:A45F71E2FD9805347A03ADE0441C96ED
                  SHA1:6764AE03B48F3E2833BB306B14186160DF624942
                  SHA-256:24D3BA16A3175B2442BF8C3B43FEEED1FC59E36B080EC58B49F9EA26B712D5EC
                  SHA-512:1716FBBB0CC45102029B9A3089249F3752B0F1073EFFD3720D2DB46C56433F939291EE1FC0790A53B592FE3B757BB24567299359927557FFBD9F2471810EE1BC
                  Malicious:false
                  Reputation:unknown
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\BrightCarbon\BrightSlide Assets 1.0.1\install\BrightSlide Assets.msi

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe
                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 1252, Revision Number: {BEFE4E98-8143-4D7A-8348-E7CE415B24C8}, Number of Words: 2, Subject: BrightSlide Assets, Author: BrightCarbon, Name of Creating Application: Advanced Installer 17.3 build 2e9bb285, Template: ;1033, Comments: This installer database contains the logic and data required to install BrightSlide Assets., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                  Category:dropped
                  Size (bytes):1262592
                  Entropy (8bit):6.486978455087362
                  Encrypted:false
                  SSDEEP:
                  MD5:26B5ED69032C9C70CE6D6FA40D384046
                  SHA1:5D832BA04ED16CCD59474D722B66224B52CEB728
                  SHA-256:C94780860FED113E429B4479B03979C86DC35D91F40B6396FA3823BE0664A24C
                  SHA-512:23ECC152A1A42C0C639404D8300C69627510B001055F58460A3E730F97E7400640CB78F873D56872956DBAF3B8525973F2CD0AB935444228B3BFAAD0A51F7A48
                  Malicious:false
                  Reputation:unknown
                  Preview:......................>...............................................................................................................................z...................................................................................................................................................................................................................................................................................................................................................................................d...............3...&........................................................................................... ...!..."...#...$...%...2...1...(...)...*...+...,...-......./...0.......8...4...D...5...6...7...:...9...A...;...<...=...>...?...@... ...B...C...I...E...F...G...H.......J...c...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b.......e...w...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...x.......y...z...

                  C:\Users\user\AppData\Roaming\BrightCarbon\BrightSlide Assets 1.0.1\install\BrightSlide Assets1.cab

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe
                  File Type:Microsoft Cabinet archive data, single, 2656 bytes, 1 file, at 0x44 +A "BrightSlideAssetsRegular.otf", flags 0x4, ID 1234, number 1, extra bytes 20 in head, 1 datablock, 0x1 compression
                  Category:dropped
                  Size (bytes):10440
                  Entropy (8bit):7.564159657034652
                  Encrypted:false
                  SSDEEP:
                  MD5:98A6C452BAA200F8486BBD0A8A7EFA07
                  SHA1:39CFDE56C576764BEC9AF111429B770145661DCB
                  SHA-256:E397A2401BFF1A07100EAD17002723D7C00AD888D751F5A76C22A30EB3D9C450
                  SHA-512:CBE437457C10B65D34C6C550DC9035DDF1AECF72DFF494AE74229EEC8D99AEB27001090CEC784CEBB13A615BB9067B47A4C614D88568892DDDEB7FB39A34E24C
                  Malicious:false
                  Reputation:unknown
                  Preview:MSCF....`.......D...........................`...h...........q.......T.........tQ.: .BrightSlideAssetsRegular.otf....'..T.CK.W.p.....n....C..K..."...].@.m..A.#%\.gH $..?G..$....l;..X.. P.gTd,qD.P.1@...Q..8sA....y.......M...............].,.[.........>.h-............p.RD..u..C....()...(..._.h.~c.....h.76.kK.G.(.6.L.a+F.-.OmKtv...w....d..k.......i...W...........\.....\...n......._=.f..`u0.p..Q...<...V...i...Bo.|...e.W.i.....qz..{r...~.X..(.1Q22.lg.\....Y]3..s..".... .C..J>i....ZZ...W..-Yy..C....1.W.#....uE....;mT....3h..a.I[a*|.y.....L..>x..0..6.<z<......i+p|.rKa.9......\.I[.Vn.I.p.w..h.......p..>.......3&]...-....m......Hyp]w.R.T5&.o...l....M...hGG...6.uSc2...g.g....c..h.\n.4Wn.';.c..K[{gS...#_>?.1......KC.Ce.g..}C....m..Z...ta..=.U..[.....Z..:.@.......r...j.*.4....uh..W....B8.uV.&..!..Q...Gi.."..V\e>"h..H.`>...X..!ue?.^n.....9x....%Q..|..\.P....e....r\O...h.Z...h..1.g.>g.^...&W..6}.P..fS.fH.;..e...nY.{.....n@.<...Y....x....U.Z

                  C:\Users\user\AppData\Roaming\BrightCarbon\BrightSlide Assets 1.0.1\install\holder0.aiph

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-5RQ9G.tmp\BrightSlide Assets.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):10440
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:184F441867F6A15CEC7E4699CCC929C3
                  SHA1:DAF8D5E067617C73B2E5F7B43E6797544E583D23
                  SHA-256:F8CA85881E0C1D80BF93263AD7FCE48FAC9D94F114761D9B69F64CF4749A9C80
                  SHA-512:24EA4F11B1339E041B179F3108178EB78B3E867C9121C67A2BF65C15A218E06C42FD08513532D1E460B7A715D49374312F2C25672891DED72C9F3F8646B37A81
                  Malicious:false
                  Reputation:unknown
                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\BrightSlide\MyAnimations.pptx (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:Microsoft PowerPoint 2007+
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:A2C2EDDFFE9F7AFFD850FAD93778A60C
                  SHA1:FF4394D76ADB5563AEDE6822AF0605E943999BCC
                  SHA-256:E2E7A5C919BA28D24E156CADF0AAB796144824DC7503F428FF009FDB9403164A
                  SHA-512:A398324E9B039EA4FBA36738ED2AD93B08A1025F57D70FF02AE099E4130F060B00E5399E25F8DA5F8A15B7E782B7189EFA560D3D3827F171F8F5480D350A1C0D
                  Malicious:false
                  Reputation:unknown
                  Preview:PK..........!..{.. ...e.......ppt/presentation.xml..n.0...'....N4....&u.*...........N{..;.Gi.u.m.b......q.3.>..:b.2Fg.{5.-L..ft?......D4E.Q<..X.......X`*..P.d....}...8.H.8G....m.x.$t..I9z...8.p.99.m..G..n.%x.2..+....C..B.j.G..x..@G.-...kF..:...-H.......F..+Kg.... .......K`;..V8e....Z....../.:...&..It}..Vr..y.....@r..Q...4......n.4^I).....r.(.....].[z.uv.(DT..1.....fG.5..w.;..zVH".h/Z.#...).;T.y.Or+...H.m6.n7."H.6L..[..u!G....#~..Y.......;..}.7..Y....].G..R....0...MI.Y.k.....J..s.1.wA..#Y.....u..W.#....5)...Z.\...`.%..".'.`ta..2$.......4<...E..#.p.GC1|..O....>A...Gn.....@a.P..:....b.E- .#.c..)*...h...7..b..- E..H7T..q.P....tCE.8__1......ZV.....z.^z.?.F.z.x.p..Oo0^..u....p.[]..P]...Y.A.....U9.g.g...U.rS.9.{.`...\.*.*..4.o.`PR.q..K....B..&D......"X..SG....u/..+>...v.6..fB....1.nw.........V..?.......PK..........!.................[trash]/0000.dat........................................................................................................

                  C:\Users\user\AppData\Roaming\BrightSlide\is-7KAPP.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:Microsoft PowerPoint 2007+
                  Category:dropped
                  Size (bytes):43358
                  Entropy (8bit):7.198371072500843
                  Encrypted:false
                  SSDEEP:
                  MD5:A2C2EDDFFE9F7AFFD850FAD93778A60C
                  SHA1:FF4394D76ADB5563AEDE6822AF0605E943999BCC
                  SHA-256:E2E7A5C919BA28D24E156CADF0AAB796144824DC7503F428FF009FDB9403164A
                  SHA-512:A398324E9B039EA4FBA36738ED2AD93B08A1025F57D70FF02AE099E4130F060B00E5399E25F8DA5F8A15B7E782B7189EFA560D3D3827F171F8F5480D350A1C0D
                  Malicious:false
                  Reputation:unknown
                  Preview:PK..........!..{.. ...e.......ppt/presentation.xml..n.0...'....N4....&u.*...........N{..;.Gi.u.m.b......q.3.>..:b.2Fg.{5.-L..ft?......D4E.Q<..X.......X`*..P.d....}...8.H.8G....m.x.$t..I9z...8.p.99.m..G..n.%x.2..+....C..B.j.G..x..@G.-...kF..:...-H.......F..+Kg.... .......K`;..V8e....Z....../.:...&..It}..Vr..y.....@r..Q...4......n.4^I).....r.(.....].[z.uv.(DT..1.....fG.5..w.;..zVH".h/Z.#...).;T.y.Or+...H.m6.n7."H.6L..[..u!G....#~..Y.......;..}.7..Y....].G..R....0...MI.Y.k.....J..s.1.wA..#Y.....u..W.#....5)...Z.\...`.%..".'.`ta..2$.......4<...E..#.p.GC1|..O....>A...Gn.....@a.P..:....b.E- .#.c..)*...h...7..b..- E..H7T..q.P....tCE.8__1......ZV.....z.^z.?.F.z.x.p..Oo0^..u....p.[]..P]...Y.A.....U9.g.g...U.rS.9.{.`...\.*.*..4.o.`PR.q..K....B..&D......"X..SG....u/..+>...v.6..fB....1.nw.........V..?.......PK..........!.................[trash]/0000.dat........................................................................................................

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\BrightSlide Helper.ppam (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:Microsoft PowerPoint 2007+
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:374A50D375B05421A39BC8D8B333F212
                  SHA1:143EB10D6949D6758C2C4A21E4DDCCDD9E4FE4D0
                  SHA-256:72571D5AB379F18A0A9F9CAB7535EB6E212F04F6063BB2F35A87F9ECD0100FDF
                  SHA-512:FCADE0CA1AE6A9243882E5864B22CE11521CA3153463A6285C5FA7FAA06C5845388DEF6CDDA9499222F519077299C9CCA8937917FE4A6DC3BDD47B020D9844D9
                  Malicious:false
                  Reputation:unknown
                  Preview:PK..........!..-..............[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0..w$...b...P..PF.P...\.Cr..#.o......h...a_.9...0D..*....RW...Sv'Ed...GX.#F.../...c.IM..=...:..G..y.4i]...1t.y...M..j.8..CV.#..1......ImI...7G......Nc=Q.......T...74,..f........ZW%.....x..3...|..{I..l.b...aL.......na..N......%V.]..Lp[.z.....z.S........PK..........!................._rels/.rels ...(.....................................................................................................................

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\BrightSlide.ppam (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:Microsoft PowerPoint 2007+
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:DA834EA699D2FDBA5458348909BDB26E
                  SHA1:FA35D81EA2F2C7B5FEAEAB340E6AC553AAD45F6A
                  SHA-256:10F44EC95CA4D2A3830753AE9197527ACFA30E31AC3AC6F88B8D270805A79A34
                  SHA-512:56BE3F54DD8F6304F9788FB1E8DDB0BB3211979E2219E6D76B352DC903F73E8A75D0A83858B877BA16EA979944C91F9802856A131E54CBA62B5D5D73A3673EAC
                  Malicious:false
                  Reputation:unknown
                  Preview:PK..........!..k).C...v.......[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................AO.1...&...W.-Jb.a!F.......R.N.. .{..j4..9....f:.`.65[...R.OE.3$e.MU..o...B.*...9.`.....q.0...E..R..h ..R...@LG_I...*.g..T."R.b.....,aYG6^..m'sM.]ou.*..\...T.+*...-K.P..0...U...0G.0m.f.tr.a.X.?..:e..P$g.....I.t..J7`.O..@6..'`.J:........vo..+zg5E.EZ.0.....kL....k....tE..........wU..`f..'x.?.:.7H............PK..........!.SF.............._rels/.rels ...(..............................................................

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\alignToFirstL.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:91E734D1E5BBA909C4901CA4D8D4D7AD
                  SHA1:3EB16C0BEE9067E690F9B93B97CAEA0939F80E6E
                  SHA-256:9DAE491F1C6651DC230A44F2112DAEDB8DBC17956CC7351A93F90AA5F493F589
                  SHA-512:8878B245E70366F22234EC802CFA39003F4AF835F694DC20A11301F6895A9C1724D9053AC2C2665DEA664A2CD70597FEB45A5663A12DE23A8B8FCC165B021A1F
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$....FIDATx..AK.A............Y=k.@...Y.t...C..B....`...?...K..9....;....."...y.y3.fG%.. ..y{.......%......3v...a..pt.,..}...e...!.......{.."..xF.t...&.f.V_.....`..nD9e]..K..@. ......3.@.n..x&6...l..t...'...=...j..j.J.h.~r...W..wj4.......n.U.{I..1.n.j....K.....JEu:..'..fj8|.>Qg>..^.|.8...{.|..F.\./....H..$z..f.t0.x.D&.*...s^-F>.y...tT.66.tf.....>.y..P'....A=.Y..1..y..E.....x..hpF....[..8...N..... ....dxj1....D..e:.t..~:..`?....x..\"......`c.dex. ..6........-.L.7....Nr....X..][../p0..\?9... ...g......w......pl.>...&0..,:r7. ...g.g.m..v..#.....?E. .A..A...PJ...3....d.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\alignToGuidesL.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:196659E2912FD5E77331B3D8AC1F2125
                  SHA1:E8573B90DD8DF5B60CDC92565B10F6D97AA33682
                  SHA-256:EDACE35A84228FC6AC89E0EFD3AC813F7E0148786E03D770F5759E63605A031A
                  SHA-512:6F8D57B04F2A91CFBB373C0E9C5F6CB69A2D6F7558B26CCC1A98DD084721111BB3843143C26E90D1B137B7806C6FCA6AB8334F20D4B8ECD0DAEA9B3C8F1CB4D9
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$....JIDATx..AK.A.......[.......t......NAx.....KD.x.....H../..........,.........A..a9{...\.K.u....."..x.N.........`.g.# G,s....m..}.'........3r.j.NT`...|..8._.....`.x..s..7O.....!...g......^ .......f.p........Va... P..*..d...'....E..z.^.A.\.z]5..}..&@.....1Q....j4.f.`2..n.i..>..T.Z..;..L. ...juv....B.<..i0..J.".q0.x.D..........$..lh.Q.....,..<.}.....Ot...A}w.0.c....X.mpN....}l........:.8...Ot........w......".%....t..16.t..@>G..9.u.W..T..5.X..i..)...P...v..q....c..........k3..d....$7O........."..x.....k.v6.!g.1...7.9.d....3.....m...0F.-.....".. ....J._i>..|I-.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\alignToL.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:3AA880A71196180ED0785ED76711F617
                  SHA1:DF1B423C566BD25E434CF007AAE8DC81FEC912CB
                  SHA-256:3C1955E68F37B2AD057234DB94D61CB3B9F4B8220EAAA9E1F89AA28BB7479DEE
                  SHA-512:BF97DC831D1CB17A64124E7F1B2E4130E2A3507C049AA8F780A2F3F7E2D8D470A3D2DDB89B611B752B66169E4A8D64E0116FF78E8586E7C369BA3FD0B1864BB6
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$....MIDATx...J.@..W....(".&".Z...x.R|..Yz..m..!U..>F..w..]H.O..F.v...0...|;.m... .".......R...d...@.x..n..9...\..|.>.j.e.b.*.v...K....@.xFM........_..-.....9......a*/...:e..+..y.."C.... .$.g....3.g........:k.V+6...(.R.0.Y.s..4.....c......M.S.A.\.n...wR{.*. kE.dEL..F..z......k6.<...l.p. }GQ....=w..n.+\..S}p.@..|._..u..`..&..+....<...y...xT.16.t&....a.r..6.I....4.W7..>..|..M....0q(..6....;<@.C..6.I...X.TXE.."..c..E.S....x..16.t..@>G..9.u......mk.P..Y..)...P.....Q9..R.*.X.\.>...X.^]..._<A..e...S........3H.......9...k..u.A..;B.....#$@.H.....8....G.1....B.H.. .. ..`...U...t%d.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\alignToSelectionL.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:24FF4B975FA15E650A77A69DC2263DDB
                  SHA1:AAB239C6DDBB60B2C793E6EDCDF5E4AF7E43C641
                  SHA-256:EA92A5CB8987498DCB79489A6B67EC65290160E77CBAB38D3F064CCF51100DAC
                  SHA-512:CD390841A732EAD6E7D4FF3FD9034BFCF8E57FCAAB87F2F42B7082C023FF5513C58E287800DBC42A5A9BD7B8EEC44E5CD04B966C0B2EBBAD3C1A4E5ED99260CF
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$.....IDATx..1L.A....).C....(11.R...HH.................K'4!......i1a.D.. ..H..^,..^{_..\..K:....{.w..}W..A....|../.C.t..b....XF...FX.ax8<r.g.g@3Q...= Z#...'..[?.$.D..f.].[C..a.....3...._...)p.T....$.D....Q,.=.x.v....tp^N.V.[.0....../..{1.......G...C;.....0....6...f....d..WC.....#..1..Z.......%{..........!..6..3x5.$...cf.;...........oxq.H.t@f=._w~...=x..)..t......T....<..y.....m..O.q........y...Mi.0..../....._....M. .......u... ...,r.Lu...I.....O....C...`.....yLu~....6.Q}..:...T........B..j0l...,..*<]...._/TzG.,.l..4.....X.n...PP...=k+w...t.Z'.qrX.<@.@.....2.....Y....=...z..lt.n.A.@..`...|.l....m...W...Q.A..A.l....1f.`4.'.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\alignToSlideL.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:36EEC3D380D638AF88F85163E20437B8
                  SHA1:8F8FFF9323B8386F0B3F9B7329794C6CFB238CF2
                  SHA-256:7B76B100D16BADA4A19872A0D410E2EA6CB386B08031773D227271A12D823EF8
                  SHA-512:AA390B7B85F8569E6E40D0351065B0A86CE75E504634E5266770000261A916BBAB2A680B2B48E2BD4FEDC2D42A27F9F1082365DD47E388AC717002D5F979F16C
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$....WIDATx..1K.1..t......P......:..X...d..H...,.m.nE(""....[?@w..4pw.r...I.....y..$/...a..I..m...v...s.X... ......0.~...s[...|...e.....m2.._..w>.X.bq.B4k....0.. . ..#..K..r...x.}1-.P)..^..M....Q......X... ..P....V.Z..t.L^......^.t.NJ<....(...D.O..............A.Z-..\..<.M......1A.K..h...O.X,.`.....r........X...{.|...G.X,..`.@..x.?..y.t.A{.D...e..9/V#..<..e2*d..~Z.....a...e..lc.u...$t...y..E...@.`..h.F....[..8.(C.`....@..5...2<..]luq"..2....I?.....c..{<..U"......`m.$ex. ..6.....z..-.L.....VOs....-....K....8..IU?U8....@,.....ch........T...#(..m....#... ..P..T.....#@..-......0..0...B.?......4.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\customCheckboxOffN.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:7F789401DF5224316B8D95D377BCBC15
                  SHA1:E8914498164A18F61D98F9A39FED419AAE794423
                  SHA-256:06CAEC5B1DDC0EE7C8D2EF537686C94D496C4496F2D9300927F0B213F25EC421
                  SHA-512:3D2FFC962836AD614FD4C0794971C50E7D83B5D6D922B3518EC6FAA074290A2002EFD2094A63D266D1EDFC247D706995D60D2DDE1C10133C25DE1E5390D5F825
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....IIDATX..... .D..8....q*.&. ......{..L.,.)wq.O........................J-..}Os.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\customCheckboxOnN.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:47B48EC539F75680B4D40239DE84CAD7
                  SHA1:DE40BCB8C08B0D4F14C86AB7E0551BD9E2278B9B
                  SHA-256:8962F3D14C2CE697C2A78F808026C6D7CA06C2E1D33E147D659FDC881B01B670
                  SHA-512:3A6CF8A3948B54650DE7128E0E7047E57EB234EAFE3A88A4A59FBFF70B4AD2E417B314E6D5B4FC5AAB93F06AFF96E8CB9C0640AC76C530BA1263150EB6224020
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX.c..0..0..i -.......t.....L.x..:`..tq..._.../.*.U..;.*c....._..."O..@.._.!_%.C....n.~....Vn.8.X.i..R,...P...Dk.:.dy..%`.Hq.9.cu.(.....D.#....@.A....J,...R.A..8.@.#.a9^..s..,...u...0.A4.P.r. . B..jYN....A-.A..............,...6..Fx....+..5...=....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\customRadioOffN.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:CD32CF809A0484D251781F346AF4FCD1
                  SHA1:71243B40C9E3CE6FF4E9C465DBE23B98403B7084
                  SHA-256:D41BA8832C3C2D674378F3135DC6241FCA81C08A79EAA76F0A1070EBABBB8C96
                  SHA-512:51BDF0C314EEE16E094AB17B4BE3FF0A90BBC35491AAC98C2461D9325C13A65994D1316D11DD66308E7FD002860890957DFDD336F5FBF1A404DE26B67EA4212F
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX..V1k.@.}mg.U......d...q.......)...?.N.E.uU.....m...?..."Gri..mA..$z..........>....%.....<...k.`.`..o.......=.7.y'..Q.....BM..(.Kb...L&#~[..p....T....?X.e.z2."`.......i... ......./...c0x....q..,jq.......F..........J.`.6_..}^..6.y...;.i?$...%.DO7.......<....<..J......].D...q... ...&...H....T'.....6..|..i7uIA.J{).v..A'@.UvoRP."..t5.(...k.E.p......#.....(.9..>g...'..\.Z\(.... h...d......V....nH.2..'].nFW..........|.Y...4.,.)O......b~.k.l.c<...x!y.Z.d.....j.$z-?.....K....}......IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\customRadioOnN.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:CC46C11D428A67FE6081ED99C487621F
                  SHA1:117AC1671A62C924F43F5BB07D4EA14CF55BDD5F
                  SHA-256:99D339C52C22FFB3C6E416EB9517621EF623438C03AC1E442AD8FF3BACB48E98
                  SHA-512:44B58C9C57C2B25E75B8CEBA0669F4B078AFF14EF7C81502D0B92CEBA697D3D6BE517C309E5384599EA41635235D4FF6B93593EBA7F4D3611EB73B7D581F683F
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX..V=o.A.}|Hnb).+.+L.*..!YW.>...Q&. 4$E..J..._.Sa71.....qM.@.rE....j....3 @J...}.....-n<.,.. .......T.,._....z..Ir.5..L...C.O2.....Bd.. ..k.....Z..X,.o....~...=..H......v.C....8M....Q.4...y.u.<.jW\...EA........,.O|..|.8~...*....<.$............C..v>...n....pv.Y}[Yy.0...1....Y.&t:...........GG......^.<.@......e..5...>.w.vT.X..9w>.9.3.P.6hK.G 4.$..Y.%..J.[.-."..T..`.....Y...j.wSpY`..[...._...:.v.ee.-+lM....N5.J.x.....Y......j2...t.)+!lMU..@...i`.c..E.4"..iC....S.....J..eVs.=..+......\......?.w.^...h.X|p.....yu...]*{.......D,.|9....7N1N3N5N.E.n.pp.o4x1.f&.I.<.D.U.8=....+2..p3.N.H.B.:M........R. .G...........=&r....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\hideObjectN-Invert.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:54036CE405E1587EAC12F0FF104DFAFD
                  SHA1:F0F84D03B5195B4B109EE28530A574B1370D2244
                  SHA-256:A524CB65F86D52358BD526FF05E7A4DE21C44CD07D7D9DC6C1342B3658001886
                  SHA-512:865148430BAA77EF4967B5C525F25C4B35C454E801EB30F39CAE28C0416A7F67CE3514D006CCFD557913318B0F60F66A1849C910CF8BDEE6F0A8900F921E3D3A
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....zTXtRaw profile type exif..x..VY..(....s.$!..F.....`.W.{..=&l...T..6........q..O.[......h....u]..G.......$...}........M..O....C..g.=/nG....I...n...v.Lm.|.w.d4..#.Bbq.3...$....,..B....k..9| ..=pg..=...;q?p...[..".k..-.!.....1..]v.Ly.....F.X@...G.8..ZB.H.B..5.Z5.... G.2..T..q...,[.......F...iF"..PM`.....i.....f2...f^...NGc..%.....x.4`L.... ....~W37uco..(.....-...t.-Y:..u..K.B..@.b+....YO.....@..#..@..@.R.Ff@...q"..x'....[..P.. ....rNQ?.E.PVQgT.k.I...z.{T..\..C.1...D.5..b.)..I..i.)..SJ9#h..3f.\.HqE./..J.(..V_C.5..I..o...bK-w.(..v.C.=.<PkC..:..#.4..V.^5zP.j.U...5/\U.9.....N..;..a*......O.f61..2T#..4..AA.u..U....u_..)g.t.B93...=..B....E.@s.NN..ll..c..7......w..8*..9.w....N..G......-......mJ.N.....s.<.+..G.wO.)..y...1!...].J....Gz.....t)...;.G..f...|#...s.H.;.@h....P.:./.3xL...._...N`f#{.v......=0.J.E....}W....a.A.M.]...}.^b.Z.......c.o..>u.!.n..]..l...B..h?U.y^~...W..Oy........f.OF.........

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\hideObjectN.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:FA0F25BE17C5755A6307B6E116BBD030
                  SHA1:B958EFB0C551EE73EAC1E127DB42E84ACEDD44A0
                  SHA-256:B5E4DD4903AFBBB3C37468C1F27D0CD79D2EC12811B5921E2A0AB426BD8F375A
                  SHA-512:4E15C0137CA0521487B446EAC531FF7D6F357F9AB3297C2595BA4E04BD51C5984CAE93DBF3C0D5E0BDF83E226E82D85642A4F391C99F268037A3A9C4C87494E8
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX...m.1...$.l.A....9.:.[....A....`I.I.!.k....D...h..Y.Y.....l<............H.B..o..b8.w.w...`.....T....0.p.`..8......n...c.....4@...,%.)..6....?.%$Rc..SmkU.:!|....8.F.f.Ab...L..l1.Y...;..p.W...{....XrU..OR5..*.....V!lbm.......[..j.......UK........^.".......)$.X..w.u;`fn...E]p...z.......2ws......#f\r.......|n..T......E...+HQ....Z...........~...^...O6..<.@.pV.%|...,.;%...:.........p1....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-1UULF.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):721
                  Entropy (8bit):7.5686058071445625
                  Encrypted:false
                  SSDEEP:
                  MD5:CC46C11D428A67FE6081ED99C487621F
                  SHA1:117AC1671A62C924F43F5BB07D4EA14CF55BDD5F
                  SHA-256:99D339C52C22FFB3C6E416EB9517621EF623438C03AC1E442AD8FF3BACB48E98
                  SHA-512:44B58C9C57C2B25E75B8CEBA0669F4B078AFF14EF7C81502D0B92CEBA697D3D6BE517C309E5384599EA41635235D4FF6B93593EBA7F4D3611EB73B7D581F683F
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX..V=o.A.}|Hnb).+.+L.*..!YW.>...Q&. 4$E..J..._.Sa71.....qM.@.rE....j....3 @J...}.....-n<.,.. .......T.,._....z..Ir.5..L...C.O2.....Bd.. ..k.....Z..X,.o....~...=..H......v.C....8M....Q.4...y.u.<.jW\...EA........,.O|..|.8~...*....<.$............C..v>...n....pv.Y}[Yy.0...1....Y.&t:...........GG......^.<.@......e..5...>.w.vT.X..9w>.9.3.P.6hK.G 4.$..Y.%..J.[.-."..T..`.....Y...j.wSpY`..[...._...:.v.ee.-+lM....N5.J.x.....Y......j2...t.)+!lMU..@...i`.c..E.4"..iC....S.....J..eVs.=..+......\......?.w.^...h.X|p.....yu...]*{.......D,.|9....7N1N3N5N.E.n.pp.o4x1.f&.I.<.D.U.8=....+2..p3.N.H.B.:M........R. .G...........=&r....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-20BMS.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):677
                  Entropy (8bit):7.503689695819965
                  Encrypted:false
                  SSDEEP:
                  MD5:36EEC3D380D638AF88F85163E20437B8
                  SHA1:8F8FFF9323B8386F0B3F9B7329794C6CFB238CF2
                  SHA-256:7B76B100D16BADA4A19872A0D410E2EA6CB386B08031773D227271A12D823EF8
                  SHA-512:AA390B7B85F8569E6E40D0351065B0A86CE75E504634E5266770000261A916BBAB2A680B2B48E2BD4FEDC2D42A27F9F1082365DD47E388AC717002D5F979F16C
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$....WIDATx..1K.1..t......P......:..X...d..H...,.m.nE(""....[?@w..4pw.r...I.....y..$/...a..I..m...v...s.X... ......0.~...s[...|...e.....m2.._..w>.X.bq.B4k....0.. . ..#..K..r...x.}1-.P)..^..M....Q......X... ..P....V.Z..t.L^......^.t.NJ<....(...D.O..............A.Z-..\..<.M......1A.K..h...O.X,.`.....r........X...{.|...G.X,..`.@..x.?..y.t.A{.D...e..9/V#..<..e2*d..~Z.....a...e..lc.u...$t...y..E...@.`..h.F....[..8.(C.`....@..5...2<..]luq"..2....I?.....c..{<..U"......`m.$ex. ..6.....z..-.L.....VOs....-....K....8..IU?U8....@,.....ch........T...#(..m....#... ..P..T.....#@..-......0..0...B.?......4.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-4DORN.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):2312
                  Entropy (8bit):7.875094950123183
                  Encrypted:false
                  SSDEEP:
                  MD5:48EA5951ED0392EEFEB55331FE83D431
                  SHA1:DD9C7B66C33B7DEBB1CC968C8E2ED4F33CC118F9
                  SHA-256:BE214494CAC5C2678D46F106BA101631B8D8A3D992EF83489246C42092CB7E2A
                  SHA-512:F00A167609C93505BA4CEA62A26DBC2BCBD2B5624350145512A2DEA110090E91767FB6646C12B5956CF2E9AE990BEAE64225C3D0CAEE0502EB424321F59A5BA1
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$.....IDATx..[mlS..~....v @ Ic.X..dNG..HL......@bm..iR....*4.....i...I..!m.@BM.V.BS.U.d..#..H...(.....i..=......o>@y$.^.{..y...}..X..V....`..,JKK*.....Q$^ZZb....]......Ng.[.... .o.`........R.n..I............n/f.B..=z..v.:...#c.<..|...;.F....o_.t%.. f.....'.=..`S..@-.Px...J.......'XZZb.`.....N..:..{<...E.HQ`I..H.C..D...n>^.....k..*.~@.\2.........."...V/Z.%.@I...x=..z.',..jH..xKW.E....-..!A..h.v......&..`....y.j...Aw...h....4...x#.{..^.p...;`4..6H..>.[.j..............5.0....i..Q....*.+..<a....l...59|...x.0...p$),.H...d....Z....O.}?...Lr...L.P..<AW...l...N....UG.Q.....-y.....62..rJkJ..._.[._U.HD.<!..H.\...B..u_.~..Y..B.D.....-.k..YC...1...w.1..+#.VK.e...Z^..FR........."..L...|s~...,`^...x..pb..;}.Sf.LO.g>....8..4..Fj.E..@..D.|'..!$.".tx....."J.:..N........p.....}U&?Z.U...U..R.b...U....f#I#J....Z.l..o...q'ja..H.~A$E.)-..*'m..I....@.....g~A..PW........U......C.....$L..&...w..x+...|...jE.{.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-4MN1O.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):477
                  Entropy (8bit):7.30543601340867
                  Encrypted:false
                  SSDEEP:
                  MD5:FA0F25BE17C5755A6307B6E116BBD030
                  SHA1:B958EFB0C551EE73EAC1E127DB42E84ACEDD44A0
                  SHA-256:B5E4DD4903AFBBB3C37468C1F27D0CD79D2EC12811B5921E2A0AB426BD8F375A
                  SHA-512:4E15C0137CA0521487B446EAC531FF7D6F357F9AB3297C2595BA4E04BD51C5984CAE93DBF3C0D5E0BDF83E226E82D85642A4F391C99F268037A3A9C4C87494E8
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX...m.1...$.l.A....9.:.[....A....`I.I.!.k....D...h..Y.Y.....l<............H.B..o..b8.w.w...`.....T....0.p.`..8......n...c.....4@...,%.)..6....?.%$Rc..SmkU.:!|....8.F.f.Ab...L..l1.Y...;..p.W...{....XrU..OR5..*.....V!lbm.......[..j.......UK........^.".......)$.X..w.u;`fn...E]p...z.......2ws......#f\r.......|n..T......E...+HQ....Z...........~...^...O6..<.@.pV.%|...,.;%...:.........p1....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-5CICU.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):724
                  Entropy (8bit):7.559978745207139
                  Encrypted:false
                  SSDEEP:
                  MD5:24FF4B975FA15E650A77A69DC2263DDB
                  SHA1:AAB239C6DDBB60B2C793E6EDCDF5E4AF7E43C641
                  SHA-256:EA92A5CB8987498DCB79489A6B67EC65290160E77CBAB38D3F064CCF51100DAC
                  SHA-512:CD390841A732EAD6E7D4FF3FD9034BFCF8E57FCAAB87F2F42B7082C023FF5513C58E287800DBC42A5A9BD7B8EEC44E5CD04B966C0B2EBBAD3C1A4E5ED99260CF
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$.....IDATx..1L.A....).C....(11.R...HH.................K'4!......i1a.D.. ..H..^,..^{_..\..K:....{.w..}W..A....|../.C.t..b....XF...FX.ax8<r.g.g@3Q...= Z#...'..[?.$.D..f.].[C..a.....3...._...)p.T....$.D....Q,.=.x.v....tp^N.V.[.0....../..{1.......G...C;.....0....6...f....d..WC.....#..1..Z.......%{..........!..6..3x5.$...cf.;...........oxq.H.t@f=._w~...=x..)..t......T....<..y.....m..O.q........y...Mi.0..../....._....M. .......u... ...,r.Lu...I.....O....C...`.....yLu~....6.Q}..:...T........B..j0l...,..*<]...._/TzG.,.l..4.....X.n...PP...=k+w...t.Z'.qrX.<@.@.....2.....Y....=...z..lt.n.A.@..`...|.l....m...W...Q.A..A.l....1f.`4.'.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-8435I.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:Microsoft PowerPoint 2007+
                  Category:dropped
                  Size (bytes):5662614
                  Entropy (8bit):7.9934643288579625
                  Encrypted:true
                  SSDEEP:
                  MD5:DA834EA699D2FDBA5458348909BDB26E
                  SHA1:FA35D81EA2F2C7B5FEAEAB340E6AC553AAD45F6A
                  SHA-256:10F44EC95CA4D2A3830753AE9197527ACFA30E31AC3AC6F88B8D270805A79A34
                  SHA-512:56BE3F54DD8F6304F9788FB1E8DDB0BB3211979E2219E6D76B352DC903F73E8A75D0A83858B877BA16EA979944C91F9802856A131E54CBA62B5D5D73A3673EAC
                  Malicious:false
                  Reputation:unknown
                  Preview:PK..........!..k).C...v.......[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................AO.1...&...W.-Jb.a!F.......R.N.. .{..j4..9....f:.`.65[...R.OE.3$e.MU..o...B.*...9.`.....q.0...E..R..h ..R...@LG_I...*.g..T."R.b.....,aYG6^..m'sM.]ou.*..\...T.+*...-K.P..0...U...0G.0m.f.tr.a.X.?..:e..P$g.....I.t..J7`.O..@6..'`.J:........vo..+zg5E.EZ.0.....kL....k....tE..........wU..`f..'x.?.:.7H............PK..........!.SF.............._rels/.rels ...(..............................................................

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-85K5L.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):567
                  Entropy (8bit):7.489817428066883
                  Encrypted:false
                  SSDEEP:
                  MD5:CD32CF809A0484D251781F346AF4FCD1
                  SHA1:71243B40C9E3CE6FF4E9C465DBE23B98403B7084
                  SHA-256:D41BA8832C3C2D674378F3135DC6241FCA81C08A79EAA76F0A1070EBABBB8C96
                  SHA-512:51BDF0C314EEE16E094AB17B4BE3FF0A90BBC35491AAC98C2461D9325C13A65994D1316D11DD66308E7FD002860890957DFDD336F5FBF1A404DE26B67EA4212F
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX..V1k.@.}mg.U......d...q.......)...?.N.E.uU.....m...?..."Gri..mA..$z..........>....%.....<...k.`.`..o.......=.7.y'..Q.....BM..(.Kb...L&#~[..p....T....?X.e.z2."`.......i... ......./...c0x....q..,jq.......F..........J.`.6_..}^..6.y...;.i?$...%.DO7.......<....<..J......].D...q... ...&...H....T'.....6..|..i7uIA.J{).v..A'@.UvoRP."..t5.(...k.E.p......#.....(.9..>g...'..\.Z\(.... h...d......V....nH.2..'].nFW..........|.Y...4.,.)O......b~.k.l.c<...x!y.Z.d.....j.$z-?.....K....}......IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-9N3UR.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):209
                  Entropy (8bit):6.383169692416343
                  Encrypted:false
                  SSDEEP:
                  MD5:9C839F86D5ECB54E79DBDC691256E7B8
                  SHA1:18B60F1855F31D91511CF14A4CB728C24F958D35
                  SHA-256:52EBD2A2FBB8C98127D84CE5879E7E7081D8C30DFAA27FFB71F575BA8EB2D0FF
                  SHA-512:B7EC35C2BD64155A9A91EA7F91048806748D8DBA0324AFCC5266915FD7BFC56524EF44A0B899EC89F655DC5A78B7BB10C2E4EE96BB6FAFACC939F55B9A4D1B58
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX.cdL......?..Y...x.YZ.....$=.....k.....k.......cd.....u.<...st@(.U?.!0.F.#....[.P.l'U.hQ<x....vR....`..h]0Z..:`.........Q..5/....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-BABD6.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):664
                  Entropy (8bit):7.460282129909744
                  Encrypted:false
                  SSDEEP:
                  MD5:196659E2912FD5E77331B3D8AC1F2125
                  SHA1:E8573B90DD8DF5B60CDC92565B10F6D97AA33682
                  SHA-256:EDACE35A84228FC6AC89E0EFD3AC813F7E0148786E03D770F5759E63605A031A
                  SHA-512:6F8D57B04F2A91CFBB373C0E9C5F6CB69A2D6F7558B26CCC1A98DD084721111BB3843143C26E90D1B137B7806C6FCA6AB8334F20D4B8ECD0DAEA9B3C8F1CB4D9
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$....JIDATx..AK.A.......[.......t......NAx.....KD.x.....H../..........,.........A..a9{...\.K.u....."..x.N.........`.g.# G,s....m..}.'........3r.j.NT`...|..8._.....`.x..s..7O.....!...g......^ .......f.p........Va... P..*..d...'....E..z.^.A.\.z]5..}..&@.....1Q....j4.f.`2..n.i..>..T.Z..;..L. ...juv....B.<..i0..J.".q0.x.D..........$..lh.Q.....,..<.}.....Ot...A}w.0.c....X.mpN....}l........:.8...Ot........w......".%....t..16.t..@>G..9.u.W..T..5.X..i..)...P...v..q....c..........k3..d....$7O........."..x.....k.v6.!g.1...7.9.d....3.....m...0F.-.....".. ....J._i>..|I-.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-BB4EH.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):325
                  Entropy (8bit):6.789069786452006
                  Encrypted:false
                  SSDEEP:
                  MD5:47B48EC539F75680B4D40239DE84CAD7
                  SHA1:DE40BCB8C08B0D4F14C86AB7E0551BD9E2278B9B
                  SHA-256:8962F3D14C2CE697C2A78F808026C6D7CA06C2E1D33E147D659FDC881B01B670
                  SHA-512:3A6CF8A3948B54650DE7128E0E7047E57EB234EAFE3A88A4A59FBFF70B4AD2E417B314E6D5B4FC5AAB93F06AFF96E8CB9C0640AC76C530BA1263150EB6224020
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX.c..0..0..i -.......t.....L.x..:`..tq..._.../.*.U..;.*c....._..."O..@.._.!_%.C....n.~....Vn.8.X.i..R,...P...Dk.:.dy..%`.Hq.9.cu.(.....D.#....@.A....J,...R.A..8.@.#.a9^..s..,...u...0.A4.P.r. . B..jYN....A-.A..............,...6..Fx....+..5...=....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-CEHU5.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):202
                  Entropy (8bit):6.275612092392337
                  Encrypted:false
                  SSDEEP:
                  MD5:3C10582E2FDBBF18B25BC580A136F972
                  SHA1:A5214BA9F0762C61C780C1E186E26C0DB636E546
                  SHA-256:D34E1F955517550EA9414D7D3D8241F7614858D8129F613F608BE3FF37120D6D
                  SHA-512:240747078ADC6424464E87DE058F20856129DD6194D6F94CFD0370F3737D882F02F25944E53D212ADDBF179E5E0CA3FFB3B75C032F0C44A99B7EBFD64DE555BC
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....|IDATX.c<u....<....Y....I.....0..B...cx.......Q.....8G..R?.!0.F.h]0Z..:`.......1i#...<..R.4.X.H.-9.W.h]0l..O...............Q..wO:....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-CHBJV.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):2616
                  Entropy (8bit):7.89353773165683
                  Encrypted:false
                  SSDEEP:
                  MD5:3A552005065C257AE4711EE2D3C0733B
                  SHA1:D6B0EA49899804190B0C8FE4744B3E5BAC05055B
                  SHA-256:DD69CB4F70B1C0949AF2FF8C93A02729F0916696ED0356D3E69B38924136F43B
                  SHA-512:502FFF24235559FC6EB9B4386ED914C7B1361BF9B58A4DE10AB45DB3EC21A810A6B640F4F2517C0522C5BEA8D1A0D3D27502E4A2F4CC7D791FF85EE0B36704AB
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$.....IDATx..[{l......g..}<..A|N|..t]Jy...AMR..A.....0 ..D.....H.Zj.i.m.D.....'.4.8<\....Bk.G!...W0...~s....kwo..d..f....7..vn,`.c.......X..!1...V...g=......F..a..Uzv.D.gP....5j.._..9S.....G......G........'....Uek@G.!C...S.[/.?O.&.~..;...6...l.*..6<...O...A3.t.o.PEGA..z..... OdK.A..y.x.t.w...5S.#.`............!.f|A.. 5...".GM..y.}A...m$..@S..r."..M.7......m....2e.no..O....s.20C^[......$.............F....{.V......}...(.o]S.o..tDj$...;....-$''.ZD>./....=....Zm.0...X.......|}..B.+L.........U.s..;..;.FGG;..S#..Ah.X.(.l.7H^./.\...qV+....E..a%............/[S.jd<|..9......c,:,.@.../c.....h3.@........o...|.Z..$..}AK......+*.e..o.&.I...v.=.y.....SSS.~..,X......w.^TW.+?WlZ.).KI..'..VB..^.G(..C....d.`...5.;w.Db....]-..5$.DZ..Jh..e.p.I"..y....y..HS.....xG..V.'P$,^..;.9..........1.t&f.G"..n.o./Z.03..s.52./.{%?..n_..<..?D...p-..P;......iY.?...N.....K_..?e...5.D.yBWfbQw..Z..{...#......S. z\.Cf.....@.X.1&..

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-DO638.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):202
                  Entropy (8bit):6.14888539962085
                  Encrypted:false
                  SSDEEP:
                  MD5:0A3FA188853741A870B4DCD24A63D7D0
                  SHA1:3957F2BE5D8FC119285BD0429D2DBF9F451959FC
                  SHA-256:48AE5FEECC3C1B35D47A31A24B79B17582F2B7C57FDFE910FF19393FD90CC79A
                  SHA-512:40B85E8438AF89AFF98897F36F5F3101E410CE6CBEA98F44324FC77628806F31E45DA561EAA85BF07F3D460CDF6FC64EF9F9480C6ED2FA643537BB4D124E614D
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....|IDATX.c<u....<....Y.T..I..g.'I..........'..T.M1.(..%G.G..:.....!: U=,......(..4.....9u....E...p....F....`...u........ .P.?.>.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-E1JRA.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):195
                  Entropy (8bit):6.1634854965234815
                  Encrypted:false
                  SSDEEP:
                  MD5:47C2D4AA870F4B3342A1ABD9ECAC5753
                  SHA1:BF4471140C480A60F18DC19EC1E945B6548B7DE9
                  SHA-256:83446B28E7089B6F3EA3948C3A4DAF25368709BD2E2B1E0CF7C0B1D0BFA5A1E2
                  SHA-512:46C45159D30352CCBE296547A60F41D6CDC0A1DD93734BD9DADBCB0A5282C8F1A904C98B7B2B4645B5FFD4CAA03BD77F494CE129B92149C920FA3A740061C1AB
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....uIDATX.c<u....<....Y....I.....0..B...cx.......Q.....8G..R?.!0.F.h]0Z..:`.......u.c......b.Q.uK....x....8G..........P....Y....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-E3LQ8.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):1360
                  Entropy (8bit):7.794283425957798
                  Encrypted:false
                  SSDEEP:
                  MD5:8930CCE4A5EA00DCEB880E791AEDE4A1
                  SHA1:7CFD3589E61E11584D6BC53CB70F172F265A9918
                  SHA-256:B9797023D6127FF4E9C2D361CB8771BD3654F5B2642E4E9D3CC7F921A559870B
                  SHA-512:5D05F44219227E33B26F69AC790D069F22910C116D747FD9DC785A7234732964EAC0A958948054E7D012DDEEC6623C845C966D13675A3596B767DA6AE2493D20
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....zTXtRaw profile type exif..x..V[..&..g.Y.....`..d.Y~.L._.....|..6X..T%........=E.4Y.1z\!......u.....+<?.....^....._`.....}{.../.[@...P...m..$|.i=...........(_.C..U.'......A.......(..aL"...k..9|!...p...3...v.....^s7.z...^..t..]..zoGv%D0..J...a..*e..h.?.8...).P.B..mw...v.@..uj..iG...'..;..$.OQ.h.9A.......f>c..7O.;.<W.L&..V.5we..v..>J.......Q..c(7..A./Nu.;.{... .@A.4..,~; 6.{m..Y0O}p.......E......G..H>1'".h. r.... U..:.....x..Ds.+.f.-.B%J.4.@.+.E..`......j..YK.....S.gTI.B..SJ.r*&.L-Z2.l%s..a.cN.[..8-..X]0...7..[..f[.....{..n{.K.*...\..ki.PJ-4m..f-..Qk]z..cO.z..Tm.....(.Y5Z............q.C3(..x....yh.B....g.P.j.C.JC1(...v:..+.Q7....._).t..rnH..{..B.Z......]88..q.aB..V...................A...z.jH{J.......i.......{6L........p8FV.1S+..G..Zs#......".....<..s._.z. 8w'vz.&t.:x..@.B?.l.H..F...W4I.A.\go..).....r....... zt7.{..)....=2x2.e.^`..];{..t...X5.t_p.].V^.j.L.o&.ns...~....../@......[..*..U....bKGD............

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-ERL4J.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):667
                  Entropy (8bit):7.469330286024701
                  Encrypted:false
                  SSDEEP:
                  MD5:3AA880A71196180ED0785ED76711F617
                  SHA1:DF1B423C566BD25E434CF007AAE8DC81FEC912CB
                  SHA-256:3C1955E68F37B2AD057234DB94D61CB3B9F4B8220EAAA9E1F89AA28BB7479DEE
                  SHA-512:BF97DC831D1CB17A64124E7F1B2E4130E2A3507C049AA8F780A2F3F7E2D8D470A3D2DDB89B611B752B66169E4A8D64E0116FF78E8586E7C369BA3FD0B1864BB6
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$....MIDATx...J.@..W....(".&".Z...x.R|..Yz..m..!U..>F..w..]H.O..F.v...0...|;.m... .".......R...d...@.x..n..9...\..|.>.j.e.b.*.v...K....@.xFM........_..-.....9......a*/...:e..+..y.."C.... .$.g....3.g........:k.V+6...(.R.0.Y.s..4.....c......M.S.A.\.n...wR{.*. kE.dEL..F..z......k6.<...l.p. }GQ....=w..n.+\..S}p.@..|._..u..`..&..+....<...y...xT.16.t&....a.r..6.I....4.W7..>..|..M....0q(..6....;<@.C..6.I...X.TXE.."..c..E.S....x..16.t..@>G..9.u......mk.P..Y..)...P.....Q9..R.*.X.\.>...X.^]..._<A..e...S........3H.......9...k..u.A..;B.....#$@.H.....8....G.1....B.H.. .. ..`...U...t%d.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-FA6HQ.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):1463
                  Entropy (8bit):7.814902443235813
                  Encrypted:false
                  SSDEEP:
                  MD5:54036CE405E1587EAC12F0FF104DFAFD
                  SHA1:F0F84D03B5195B4B109EE28530A574B1370D2244
                  SHA-256:A524CB65F86D52358BD526FF05E7A4DE21C44CD07D7D9DC6C1342B3658001886
                  SHA-512:865148430BAA77EF4967B5C525F25C4B35C454E801EB30F39CAE28C0416A7F67CE3514D006CCFD557913318B0F60F66A1849C910CF8BDEE6F0A8900F921E3D3A
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....zTXtRaw profile type exif..x..VY..(....s.$!..F.....`.W.{..=&l...T..6........q..O.[......h....u]..G.......$...}........M..O....C..g.=/nG....I...n...v.Lm.|.w.d4..#.Bbq.3...$....,..B....k..9| ..=pg..=...;q?p...[..".k..-.!.....1..]v.Ly.....F.X@...G.8..ZB.H.B..5.Z5.... G.2..T..q...,[.......F...iF"..PM`.....i.....f2...f^...NGc..%.....x.4`L.... ....~W37uco..(.....-...t.-Y:..u..K.B..@.b+....YO.....@..#..@..@.R.Ff@...q"..x'....[..P.. ....rNQ?.E.PVQgT.k.I...z.{T..\..C.1...D.5..b.)..I..i.)..SJ9#h..3f.\.HqE./..J.(..V_C.5..I..o...bK-w.(..v.C.=.<PkC..:..#.4..V.^5zP.j.U...5/\U.9.....N..;..a*......O.f61..2T#..4..AA.u..U....u_..)g.t.B93...=..B....E.@s.NN..ll..c..7......w..8*..9.w....N..G......-......mJ.N.....s.<.+..G.wO.)..y...1!...].J....Gz.....t)...;.G..f...|#...s.H.;.@h....P.:./.3xL...._...N`f#{.v......=0.J.E....}W....a.A.M.]...}.^b.Z.......c.o..>u.!.n..]..l...B..h?U.y^~...W..Oy........f.OF.........

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-FSC7G.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):166
                  Entropy (8bit):5.94491939919581
                  Encrypted:false
                  SSDEEP:
                  MD5:3299A1AA577059B85565E09C634070DB
                  SHA1:EC4CF400A8AB1E5C74FDE41E447C40E98A08A1AF
                  SHA-256:8DA7C98CC1147D5A22F78ACBD8868C4D04F33D8B00AC2B8D22F663551936B039
                  SHA-512:5E1040EE169266E9D2B2CAAB3DD8C888BF84B192F19ECAD1784D0620E4B3FD01EBE559322006EF64AE908A2F58480A6B59597E1CCBDA3DA6CC8236BBBB8768FB
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....XIDATX.c...`..F\.....?5...<..v1.t...R..cM..uK......u...F.0.Q..:`.......sJ....(..#.000.......M.f....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-G1A25.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):197
                  Entropy (8bit):6.13506419860859
                  Encrypted:false
                  SSDEEP:
                  MD5:B41EF9B3983745F22ED9115B28C3C419
                  SHA1:F9518489D109E4F83F8734BC1C7F74CFEA82A4FB
                  SHA-256:67708068E0F7F7437B08116E404B621A9B276EDA531E93CC137038DF5B518F7F
                  SHA-512:A11FD9937C6F900A791EB905A595181805F21F31CBC65A2B977123F9BDC21ADEF6A766B7BD80B0664F243B107B14BD95BD3C1DE2D383314CF27ADF86613963B3
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....wIDATX.c<u....<....Y....I.....0..B...cx.......Q.....8G..R?.!0.F.......u..4.X......E...`q..F.Q0.`._0./.u....000..m.P.|x.f....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-G2TCP.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):205
                  Entropy (8bit):6.050334373462693
                  Encrypted:false
                  SSDEEP:
                  MD5:53829C7714E20B7D772DF0413E844E57
                  SHA1:4184652EB77B50EEEF6A74A4EE08D445F648AFC7
                  SHA-256:DD0C0CEDB69FE3497F1424F84D1BE36D670E75E3F5CDBF37A3ACF23FD4B23970
                  SHA-512:7E5637AC2D63DEECFA699E2CBB877E8C18D31F8841A4619CFCA7B95EBC70A9B0C46A2D4DE0AA79A27166DA196FCB6E64A7B479056DB299A480412DE6C0DFB282
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX.c<u....<....Y....I.....0..B...cx.......Q.....8G..R?.!0.F..u.c.F......!uAS.5..n.Q..G.A.....Bq..F.Q0h.h.`._0.../```..cpQ....E....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-G8J59.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:Microsoft PowerPoint 2007+
                  Category:dropped
                  Size (bytes):79652
                  Entropy (8bit):7.963727908183875
                  Encrypted:false
                  SSDEEP:
                  MD5:374A50D375B05421A39BC8D8B333F212
                  SHA1:143EB10D6949D6758C2C4A21E4DDCCDD9E4FE4D0
                  SHA-256:72571D5AB379F18A0A9F9CAB7535EB6E212F04F6063BB2F35A87F9ECD0100FDF
                  SHA-512:FCADE0CA1AE6A9243882E5864B22CE11521CA3153463A6285C5FA7FAA06C5845388DEF6CDDA9499222F519077299C9CCA8937917FE4A6DC3BDD47B020D9844D9
                  Malicious:false
                  Reputation:unknown
                  Preview:PK..........!..-..............[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0..w$...b...P..PF.P...\.Cr..#.o......h...a_.9...0D..*....RW...Sv'Ed...GX.#F.../...c.IM..=...:..G..y.4i]...1t.y...M..j.8..CV.#..1......ImI...7G......Nc=Q.......T...74,..f........ZW%.....x..3...|..{I..l.b...aL.......na..N......%V.]..Lp[.z.....z.S........PK..........!................._rels/.rels ...(.....................................................................................................................

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-K5U45.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):660
                  Entropy (8bit):7.4495968042529315
                  Encrypted:false
                  SSDEEP:
                  MD5:91E734D1E5BBA909C4901CA4D8D4D7AD
                  SHA1:3EB16C0BEE9067E690F9B93B97CAEA0939F80E6E
                  SHA-256:9DAE491F1C6651DC230A44F2112DAEDB8DBC17956CC7351A93F90AA5F493F589
                  SHA-512:8878B245E70366F22234EC802CFA39003F4AF835F694DC20A11301F6895A9C1724D9053AC2C2665DEA664A2CD70597FEB45A5663A12DE23A8B8FCC165B021A1F
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$....FIDATx..AK.A............Y=k.@...Y.t...C..B....`...?...K..9....;....."...y.y3.fG%.. ..y{.......%......3v...a..pt.,..}...e...!.......{.."..xF.t...&.f.V_.....`..nD9e]..K..@. ......3.@.n..x&6...l..t...'...=...j..j.J.h.~r...W..wj4.......n.U.{I..1.n.j....K.....JEu:..'..fj8|.>Qg>..^.|.8...{.|..F.\./....H..$z..f.t0.x.D&.*...s^-F>.y...tT.66.tf.....>.y..P'....A=.Y..1..y..E.....x..hpF....[..8...N..... ....dxj1....D..e:.t..~:..`?....x..\"......`c.dex. ..6........-.L.7....Nr....X..][../p0..\?9... ...g......w......pl.>...&0..,:r7. ...g.g.m..v..#.....?E. .A..A...PJ...3....d.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-NKC0F.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):204
                  Entropy (8bit):6.254680310909731
                  Encrypted:false
                  SSDEEP:
                  MD5:C6BC04F1E912D718C2C69280DBB94C2F
                  SHA1:DAEB7DFE0D150F65A553676EF08EBA18C9EFEB34
                  SHA-256:E0E87E8C1D1339550EA062B5098EC4584F96735E64257C439214E9F37D95E0F0
                  SHA-512:5B1002BDD362B7B92893D9DD55B4224EF52891A26418D6BDC1370C0FAFF558023D9DD06F844AF92D6BA10EB4B16EEA2CAC9337F83AA7C3F40EB2E911BB0AB791
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....~IDATX.c<u....<....Y....I.....0..B...cx.......Q.....8G..R?.!0.F.h]0Z..:`.......1i#^........)..._..(^..u..u..u..8G....```....Q..e......IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-O7L9P.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):151
                  Entropy (8bit):5.226077522490888
                  Encrypted:false
                  SSDEEP:
                  MD5:7F789401DF5224316B8D95D377BCBC15
                  SHA1:E8914498164A18F61D98F9A39FED419AAE794423
                  SHA-256:06CAEC5B1DDC0EE7C8D2EF537686C94D496C4496F2D9300927F0B213F25EC421
                  SHA-512:3D2FFC962836AD614FD4C0794971C50E7D83B5D6D922B3518EC6FAA074290A2002EFD2094A63D266D1EDFC247D706995D60D2DDE1C10133C25DE1E5390D5F825
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....IIDATX..... .D..8....q*.&. ......{..L.,.)wq.O........................J-..}Os.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-P0B7F.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):3235131
                  Entropy (8bit):6.3655258458638135
                  Encrypted:false
                  SSDEEP:
                  MD5:EA37C7E16856B1E488C47CA5C6CBB351
                  SHA1:2C563D17224AE059852CED96C0E550FD82A29949
                  SHA-256:56D22FBEB6F394587921F7134A8143A26068C99EA9B28EDC49AF09C767E87B6D
                  SHA-512:D24C0038F3CEEB5BD3875996EB3701B18DF6A81CF8A2E95CA8C680A243AFD3407CA9DF0AAC5AACC43F28F8979BF8E6ACE27AB196A8B0DC911A9433FE167450BC
                  Malicious:false
                  Antivirus:
                  • Antivirus: Virustotal, Detection: 1%, Browse
                  Reputation:unknown
                  Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,.........hf,......p,...@...........................1...........@......@....................-.......-..9......X............................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,..*...&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......*-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc...X.............-.............@..@..............1.......0.............@..@........................................................

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-QC4J6.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):409
                  Entropy (8bit):7.13728132410144
                  Encrypted:false
                  SSDEEP:
                  MD5:D767C4469DE6516F21CF0139093F2C0D
                  SHA1:2C90730ED0A425A5F0506A69527ADA3B2438D231
                  SHA-256:4B3507D0D6ABFB87562ACAA0D05FD48069C9FC4700901E8CA838C6D032ECD161
                  SHA-512:4E4129723E152BCEF61F35AA0C2ADFDA49784D833A844817D8940399AF853E1D2B139C9E3169F85998B6D79EA28FDC092BC0B4CE9B3E71F56E0285615055E9FA
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....KIDATX...M.0.......G............P&(L.6.#..+.p.1R..# +/...v@...R5......d2.....`...l...X..................J....q.^.m.RYQ..h......e.(v:.}w.;k[??.........9...T_2...!..:..V./..{..{......<3#;.Jf^.k.N.;*..9>.....;t.s...s.#..._.1.f;S.k.........J|..Q.-.^0.....qa...?A=+...'P.o./\..s"R1P....`.......|.<-........c.<..d2I.|..-}+.G.h....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-S20G2.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):2288
                  Entropy (8bit):7.877304319017569
                  Encrypted:false
                  SSDEEP:
                  MD5:B21B7483F6EC45C5C9CEB3D503E89C1B
                  SHA1:FCF8E3CA0E7B206F2013532FDA7A768D7F201F83
                  SHA-256:710B702B4B27B5C8AD06C8CC8979A25BA0D9283CE00D50CE780781AD21813533
                  SHA-512:EB3ECB8578456576C9163B3BDFAFACD132F69217109FDF72AD13B2130EECCB8F02D54A1DBBF574752DEBA3E9F36FC12B1B00196952A0F2690B4134881B29D5F8
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$.....IDATx..[}l...}{.3.c.!..W|N.PL X.M.I.CP..`.5..*!v[..0 ..DPA..E..H-*.1...Jq.WD.b...8.\.....K..P.\R.;;....g........R.d..yv....f..-a.c..<..........i.....f.V.N..@m."...}...........kP3...bQ.z.$.......t.0%'....|ii..m........X..^.H...............YL.6.P.G.?.....L.!`.|...t.$)b..I!...D.Q.$K3...x.,...$)...M..;......pk`_8I.[..........\....lE...m_.S..A.%..d}..!2u...y.. /.....c.?.X.....?.............=....4.....m..^}..y..Z...0..Y....]^......... ._~y#..7/....V.... .C@.....#..\.I...].5|C......q@./.Z....n>...}...<...!... .J..cZ.,.j..I./......8;....=......X....1...+"..[4Af..,^|_J_......&...+..^G.L./...P@".........>u......./....3.@E<.r.....!... .nwR."......b..X.t.FF...G....e.....OR.8.....r....B).6.y._...'....8x. ..fj.9|.M.!dK.NZ....E..K.5.C.'.....:o...w.-a.....".D.'P&.Z. .O.....2!y8.e..t9.}+...q....../.=.KA...........'.?..~9U..Lu...@I)PV....0.!\..A...D....E.5*)O.V.4./.q......'...Pn...M:S....(..n.<...

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-S4USN.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):1757
                  Entropy (8bit):7.827784756541829
                  Encrypted:false
                  SSDEEP:
                  MD5:13223AA59F489EFC2D5F619633803F1F
                  SHA1:DC5FE651F342D08C6D47999BBFE0889C490D8D02
                  SHA-256:1BF3293F2E267F2A8B9D2D2C8597CE59F77080EA3B78963C9D68A6735F59D60B
                  SHA-512:0D7C393549C493448B42225D708D243F67C58D536FD4A30CF9E55131D840E50BDAA8E1636AE6848BBDA60095A99F43D218FDB13229A4AAE524F32ABAF866E41D
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$.....IDATx..[[L.W..vAV...........U.z...MmE}....4iH...4im...k.....I.6M....Q.kdM.BD]Kj@S\.5\df....:.,..E.|.fv..9...........,X.0kQ^^VE....f#...2..o....R=j....^.(..N.F....../^...,...U^...VDH.Ic...<.?t..<.R......t.0..Y..j.EEn....G^.....^)Y@^`.A....y.=...<E^{.x.O..Z...i.D-..."X^^V.......k~.:....Ay.dhS.......Y......{..:F=M.....~D..1...uii(\...(.D...^...3"@4.......6.<!...e8{d(yBR...u%.<$...1..:..'$M.....W8../xx.!....)..h....t....t%..Kd....QS..iii1..rzN.-\.m8y..k......> ...6._...*.W.{G+y.i.H.nZ.~dgr.kwC.:.8.....UC/y.)S@jv.....x".....:...g:L.D.......M;.........|.!....%O0D...Mn.YxK.pB|.c...\...`.y....#]..r...X..i.2.....k"k..L.....s>.....Z ...6F.'.2..j.>.p#..,-.r...]....Oa....D.= ...l`.#D8....O...;/..__.P{.R.&..c.2[.......V...h.Ij.h:l?"..z....^.j..#..CD.y........*BT.w.Of).0d;x7...>y$iD../H..U.....o.C..u.=..%..@.D.e[.....XQG&n.....f.P.aH...!..@:yL[..ZE...a#D.........!.@l9.......f#yE.g....O....&H..1.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-SV8UV.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):203
                  Entropy (8bit):6.240413526526826
                  Encrypted:false
                  SSDEEP:
                  MD5:89951BBEF1B0F1B8D0EB91440C16FC1E
                  SHA1:45DE31D835C85387D7E31A13C916552B7D0A4E77
                  SHA-256:1EC70C0E036D9AD11C2AB219E2A60D1D40BD6EAC54A6C31D9FBB6625605B8227
                  SHA-512:4CBE8E9E0E5B1968B598D94C11A3D0C3FB85E6D627163E210F1C6B9CD07A3704D8EFF14C4ACDE89363F40CCF187FFEE4B6B8ED15091A290FAE06DD0B4BE97333
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....}IDATX.c<u....<....Y....I.....0..B...cx.......Q.....8G..R?.!0.F.#c.F.e..y.#..h..F..[r....`.8.....9:...F.......~...Fx......N.Q.........IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-T94I5.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:MS Windows cursor resource - 1 icon, 32x32, hotspot @0x0
                  Category:dropped
                  Size (bytes):4286
                  Entropy (8bit):0.7536826972920471
                  Encrypted:false
                  SSDEEP:
                  MD5:7C2AA873AD45DAFB7489AAB897697E01
                  SHA1:543FD18DD82DF2BA3F543DD1AF41A7F8BD1F01F2
                  SHA-256:93C2C200688FC46B12CC33033CBE451064BDB4B8D8D838FA6F7B0492FC1D44AB
                  SHA-512:198E4A5F3C9BA6811D054C3B13101E6AD67DA1754329EFAA2BBD15C31157B369489D23A98C6B7B1FFE3DD4DD6E17DC19C825B8B9312513E9B78D2663864185A7
                  Malicious:false
                  Reputation:unknown
                  Preview:...... ..............(... ...@..... ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-TG99C.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):211
                  Entropy (8bit):6.307455609028054
                  Encrypted:false
                  SSDEEP:
                  MD5:7CF5FE3B1D2B0CB59A198CC4339D45C2
                  SHA1:FD5DAA6CF6666956306C44FCB46475583A07C58A
                  SHA-256:9B5CCFE1E903709D02F4D848067838E8D19B532C37520339064F901DF13F01AB
                  SHA-512:E32E7C2CFF9C8D7A45E169CBCCC18716DC8230B4A7B9BE91261F21D34058EDCFB61FE6A1FF63B5DB86C42C6845F95B8EB22E9ACC5D0D7702F41AF346BE9625AE
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX.c<u....<....Y.1i#^......'d>.>Iz......V(.>q...M1.(..%G..e.......i.P...Bq..p.?.!0.F..u......Z.G..[.PK.h]0.......u...Fx].......Q.w.......IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\is-VBUDQ.tmp

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):166
                  Entropy (8bit):5.831240089537516
                  Encrypted:false
                  SSDEEP:
                  MD5:9B3ED6DEEF5865F2704BD06B0FE3D0FC
                  SHA1:5CEA8FE28EE05ED30D9DB6A59B9D3ACD25C9E542
                  SHA-256:60E56C6E4DA158248C0691A26529BC9E217117DB82DA7C78B48148760BFBB338
                  SHA-512:4AC1F75C3DCB253C6C4E4249862C5FDEDFCC8384C17509BFE8E43E9F6285F67E72CFB5D150F6BFD5172A5C010BE706979AC446264846A60F1C4BD8C2CA5AAD40
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....XIDATX.c...`..F\.`aa....s..).v1.t...Rp..I.,..4.+?.!0.Q..:`.....u............Q0.F8```...W..F.......IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\multiPainterOffL.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:13223AA59F489EFC2D5F619633803F1F
                  SHA1:DC5FE651F342D08C6D47999BBFE0889C490D8D02
                  SHA-256:1BF3293F2E267F2A8B9D2D2C8597CE59F77080EA3B78963C9D68A6735F59D60B
                  SHA-512:0D7C393549C493448B42225D708D243F67C58D536FD4A30CF9E55131D840E50BDAA8E1636AE6848BBDA60095A99F43D218FDB13229A4AAE524F32ABAF866E41D
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$.....IDATx..[[L.W..vAV...........U.z...MmE}....4iH...4im...k.....I.6M....Q.kdM.BD]Kj@S\.5\df....:.,..E.|.fv..9...........,X.0kQ^^VE....f#...2..o....R=j....^.(..N.F....../^...,...U^...VDH.Ic...<.?t..<.R......t.0..Y..j.EEn....G^.....^)Y@^`.A....y.=...<E^{.x.O..Z...i.D-..."X^^V.......k~.:....Ay.dhS.......Y......{..:F=M.....~D..1...uii(\...(.D...^...3"@4.......6.<!...e8{d(yBR...u%.<$...1..:..'$M.....W8../xx.!....)..h....t....t%..Kd....QS..iii1..rzN.-\.m8y..k......> ...6._...*.W.{G+y.i.H.nZ.~dgr.kwC.:.8.....UC/y.)S@jv.....x".....:...g:L.D.......M;.........|.!....%O0D...Mn.YxK.pB|.c...\...`.y....#]..r...X..i.2.....k"k..L.....s>.....Z ...6F.'.2..j.>.p#..,-.r...]....Oa....D.= ...l`.#D8....O...;/..__.P{.R.&..c.2[.......V...h.Ij.h:l?"..z....^.j..#..CD.y........*BT.w.Of).0d;x7...>y$iD../H..U.....o.C..u.=..%..@.D.e[.....XQG&n.....f.P.aH...!..@:yL[..ZE...a#D.........!.@l9.......f#yE.g....O....&H..1.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\multiPainterOnL.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:48EA5951ED0392EEFEB55331FE83D431
                  SHA1:DD9C7B66C33B7DEBB1CC968C8E2ED4F33CC118F9
                  SHA-256:BE214494CAC5C2678D46F106BA101631B8D8A3D992EF83489246C42092CB7E2A
                  SHA-512:F00A167609C93505BA4CEA62A26DBC2BCBD2B5624350145512A2DEA110090E91767FB6646C12B5956CF2E9AE990BEAE64225C3D0CAEE0502EB424321F59A5BA1
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$.....IDATx..[mlS..~....v @ Ic.X..dNG..HL......@bm..iR....*4.....i...I..!m.@BM.V.BS.U.d..#..H...(.....i..=......o>@y$.^.{..y...}..X..V....`..,JKK*.....Q$^ZZb....]......Ng.[.... .o.`........R.n..I............n/f.B..=z..v.:...#c.<..|...;.F....o_.t%.. f.....'.=..`S..@-.Px...J.......'XZZb.`.....N..:..{<...E.HQ`I..H.C..D...n>^.....k..*.~@.\2.........."...V/Z.%.@I...x=..z.',..jH..xKW.E....-..!A..h.v......&..`....y.j...Aw...h....4...x#.{..^.p...;`4..6H..>.[.j..............5.0....i..Q....*.+..<a....l...59|...x.0...p$),.H...d....Z....O.}?...Lr...L.P..<AW...l...N....UG.Q.....-y.....62..rJkJ..._.[._U.HD.<!..H.\...B..u_.~..Y..B.D.....-.k..YC...1...w.1..+#.VK.e...Z^..FR........."..L...|s~...,`^...x..pb..;}.Sf.LO.g>....8..4..Fj.E..@..D.|'..!$.".tx....."J.:..N........p.....}U&?Z.U...U..R.b...U....f#I#J....Z.l..o...q'ja..H.~A$E.)-..*'m..I....@.....g~A..PW........U......C.....$L..&...w..x+...|...jE.{.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\painter.cur (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:MS Windows cursor resource - 1 icon, 32x32, hotspot @0x0
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:7C2AA873AD45DAFB7489AAB897697E01
                  SHA1:543FD18DD82DF2BA3F543DD1AF41A7F8BD1F01F2
                  SHA-256:93C2C200688FC46B12CC33033CBE451064BDB4B8D8D838FA6F7B0492FC1D44AB
                  SHA-512:198E4A5F3C9BA6811D054C3B13101E6AD67DA1754329EFAA2BBD15C31157B369489D23A98C6B7B1FFE3DD4DD6E17DC19C825B8B9312513E9B78D2663864185A7
                  Malicious:false
                  Reputation:unknown
                  Preview:...... ..............(... ...@..... ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\paintersL.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:B21B7483F6EC45C5C9CEB3D503E89C1B
                  SHA1:FCF8E3CA0E7B206F2013532FDA7A768D7F201F83
                  SHA-256:710B702B4B27B5C8AD06C8CC8979A25BA0D9283CE00D50CE780781AD21813533
                  SHA-512:EB3ECB8578456576C9163B3BDFAFACD132F69217109FDF72AD13B2130EECCB8F02D54A1DBBF574752DEBA3E9F36FC12B1B00196952A0F2690B4134881B29D5F8
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$.....IDATx..[}l...}{.3.c.!..W|N.PL X.M.I.CP..`.5..*!v[..0 ..DPA..E..H-*.1...Jq.WD.b...8.\.....K..P.\R.;;....g........R.d..yv....f..-a.c..<..........i.....f.V.N..@m."...}...........kP3...bQ.z.$.......t.0%'....|ii..m........X..^.H...............YL.6.P.G.?.....L.!`.|...t.$)b..I!...D.Q.$K3...x.,...$)...M..;......pk`_8I.[..........\....lE...m_.S..A.%..d}..!2u...y.. /.....c.?.X.....?.............=....4.....m..^}..y..Z...0..Y....]^......... ._~y#..7/....V.... .C@.....#..\.I...].5|C......q@./.Z....n>...}...<...!... .J..cZ.,.j..I./......8;....=......X....1...+"..[4Af..,^|_J_......&...+..^G.L./...P@".........>u......./....3.@E<.r.....!... .nwR."......b..X.t.FF...G....e.....OR.8.....r....B).6.y._...'....8x. ..fj.9|.M.!dK.NZ....E..K.5.C.'.....:o...w.-a.....".D.'P&.Z. .O.....2!y8.e..t9.}+...q....../.=.KA...........'.?..~9U..Lu...@I)PV....0.!\..A...D....E.5*)O.V.4./.q......'...Pn...M:S....(..n.<...

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\paintersOnL.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:3A552005065C257AE4711EE2D3C0733B
                  SHA1:D6B0EA49899804190B0C8FE4744B3E5BAC05055B
                  SHA-256:DD69CB4F70B1C0949AF2FF8C93A02729F0916696ED0356D3E69B38924136F43B
                  SHA-512:502FFF24235559FC6EB9B4386ED914C7B1361BF9B58A4DE10AB45DB3EC21A810A6B640F4F2517C0522C5BEA8D1A0D3D27502E4A2F4CC7D791FF85EE0B36704AB
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR...@...@......iq.....pHYs...%...%.IR$.....IDATx..[{l......g..}<..A|N|..t]Jy...AMR..A.....0 ..D.....H.Zj.i.m.D.....'.4.8<\....Bk.G!...W0...~s....kwo..d..f....7..vn,`.c.......X..!1...V...g=......F..a..Uzv.D.gP....5j.._..9S.....G......G........'....Uek@G.!C...S.[/.?O.&.~..;...6...l.*..6<...O...A3.t.o.PEGA..z..... OdK.A..y.x.t.w...5S.#.`............!.f|A.. 5...".GM..y.}A...m$..@S..r."..M.7......m....2e.no..O....s.20C^[......$.............F....{.V......}...(.o]S.o..tDj$...;....-$''.ZD>./....=....Zm.0...X.......|}..B.+L.........U.s..;..;.FGG;..S#..Ah.X.(.l.7H^./.\...qV+....E..a%............/[S.jd<|..9......c,:,.@.../c.....h3.@........o...|.Z..$..}AK......+*.e..o.&.I...v.=.y.....SSS.~..,X......w.^TW.+?WlZ.).KI..'..VB..^.G(..C....d.`...5.;w.Db....]-..5$.DZ..Jh..e.p.I"..y....y..HS.....xG..V.'P$,^..;.9..........1.t&f.G"..n.o./Z.03..s.52./.{%?..n_..<..?D...p-..P;......iY.?...N.....K_..?e...5.D.yBWfbQw..Z..{...#......S. z\.Cf.....@.X.1&..

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\setReferencePoint1N.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:9C839F86D5ECB54E79DBDC691256E7B8
                  SHA1:18B60F1855F31D91511CF14A4CB728C24F958D35
                  SHA-256:52EBD2A2FBB8C98127D84CE5879E7E7081D8C30DFAA27FFB71F575BA8EB2D0FF
                  SHA-512:B7EC35C2BD64155A9A91EA7F91048806748D8DBA0324AFCC5266915FD7BFC56524EF44A0B899EC89F655DC5A78B7BB10C2E4EE96BB6FAFACC939F55B9A4D1B58
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX.cdL......?..Y...x.YZ.....$=.....k.....k.......cd.....u.<...st@(.U?.!0.F.#....[.P.l'U.hQ<x....vR....`..h]0Z..:`.........Q..5/....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\setReferencePoint2N.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:7CF5FE3B1D2B0CB59A198CC4339D45C2
                  SHA1:FD5DAA6CF6666956306C44FCB46475583A07C58A
                  SHA-256:9B5CCFE1E903709D02F4D848067838E8D19B532C37520339064F901DF13F01AB
                  SHA-512:E32E7C2CFF9C8D7A45E169CBCCC18716DC8230B4A7B9BE91261F21D34058EDCFB61FE6A1FF63B5DB86C42C6845F95B8EB22E9ACC5D0D7702F41AF346BE9625AE
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX.c<u....<....Y.1i#^......'d>.>Iz......V(.>q...M1.(..%G..e.......i.P...Bq..p.?.!0.F..u......Z.G..[.PK.h]0.......u...Fx].......Q.w.......IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\setReferencePoint3N.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:0A3FA188853741A870B4DCD24A63D7D0
                  SHA1:3957F2BE5D8FC119285BD0429D2DBF9F451959FC
                  SHA-256:48AE5FEECC3C1B35D47A31A24B79B17582F2B7C57FDFE910FF19393FD90CC79A
                  SHA-512:40B85E8438AF89AFF98897F36F5F3101E410CE6CBEA98F44324FC77628806F31E45DA561EAA85BF07F3D460CDF6FC64EF9F9480C6ED2FA643537BB4D124E614D
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....|IDATX.c<u....<....Y.T..I..g.'I..........'..T.M1.(..%G.G..:.....!: U=,......(..4.....9u....E...p....F....`...u........ .P.?.>.....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\setReferencePoint4N.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:89951BBEF1B0F1B8D0EB91440C16FC1E
                  SHA1:45DE31D835C85387D7E31A13C916552B7D0A4E77
                  SHA-256:1EC70C0E036D9AD11C2AB219E2A60D1D40BD6EAC54A6C31D9FBB6625605B8227
                  SHA-512:4CBE8E9E0E5B1968B598D94C11A3D0C3FB85E6D627163E210F1C6B9CD07A3704D8EFF14C4ACDE89363F40CCF187FFEE4B6B8ED15091A290FAE06DD0B4BE97333
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....}IDATX.c<u....<....Y....I.....0..B...cx.......Q.....8G..R?.!0.F.#c.F.e..y.#..h..F..[r....`.8.....9:...F.......~...Fx......N.Q.........IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\setReferencePoint5N.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:53829C7714E20B7D772DF0413E844E57
                  SHA1:4184652EB77B50EEEF6A74A4EE08D445F648AFC7
                  SHA-256:DD0C0CEDB69FE3497F1424F84D1BE36D670E75E3F5CDBF37A3ACF23FD4B23970
                  SHA-512:7E5637AC2D63DEECFA699E2CBB877E8C18D31F8841A4619CFCA7B95EBC70A9B0C46A2D4DE0AA79A27166DA196FCB6E64A7B479056DB299A480412DE6C0DFB282
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$.....IDATX.c<u....<....Y....I.....0..B...cx.......Q.....8G..R?.!0.F..u.c.F......!uAS.5..n.Q..G.A.....Bq..F.Q0h.h.`._0.../```..cpQ....E....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\setReferencePoint6N.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:B41EF9B3983745F22ED9115B28C3C419
                  SHA1:F9518489D109E4F83F8734BC1C7F74CFEA82A4FB
                  SHA-256:67708068E0F7F7437B08116E404B621A9B276EDA531E93CC137038DF5B518F7F
                  SHA-512:A11FD9937C6F900A791EB905A595181805F21F31CBC65A2B977123F9BDC21ADEF6A766B7BD80B0664F243B107B14BD95BD3C1DE2D383314CF27ADF86613963B3
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....wIDATX.c<u....<....Y....I.....0..B...cx.......Q.....8G..R?.!0.F.......u..4.X......E...`q..F.Q0.`._0./.u....000..m.P.|x.f....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\setReferencePoint7N.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:3C10582E2FDBBF18B25BC580A136F972
                  SHA1:A5214BA9F0762C61C780C1E186E26C0DB636E546
                  SHA-256:D34E1F955517550EA9414D7D3D8241F7614858D8129F613F608BE3FF37120D6D
                  SHA-512:240747078ADC6424464E87DE058F20856129DD6194D6F94CFD0370F3737D882F02F25944E53D212ADDBF179E5E0CA3FFB3B75C032F0C44A99B7EBFD64DE555BC
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....|IDATX.c<u....<....Y....I.....0..B...cx.......Q.....8G..R?.!0.F.h]0Z..:`.......1i#...<..R.4.X.H.-9.W.h]0l..O...............Q..wO:....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\setReferencePoint8N.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:C6BC04F1E912D718C2C69280DBB94C2F
                  SHA1:DAEB7DFE0D150F65A553676EF08EBA18C9EFEB34
                  SHA-256:E0E87E8C1D1339550EA062B5098EC4584F96735E64257C439214E9F37D95E0F0
                  SHA-512:5B1002BDD362B7B92893D9DD55B4224EF52891A26418D6BDC1370C0FAFF558023D9DD06F844AF92D6BA10EB4B16EEA2CAC9337F83AA7C3F40EB2E911BB0AB791
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....~IDATX.c<u....<....Y....I.....0..B...cx.......Q.....8G..R?.!0.F.h]0Z..:`.......1i#^........)..._..(^..u..u..u..8G....```....Q..e......IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\setReferencePoint9N.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:47C2D4AA870F4B3342A1ABD9ECAC5753
                  SHA1:BF4471140C480A60F18DC19EC1E945B6548B7DE9
                  SHA-256:83446B28E7089B6F3EA3948C3A4DAF25368709BD2E2B1E0CF7C0B1D0BFA5A1E2
                  SHA-512:46C45159D30352CCBE296547A60F41D6CDC0A1DD93734BD9DADBCB0A5282C8F1A904C98B7B2B4645B5FFD4CAA03BD77F494CE129B92149C920FA3A740061C1AB
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....uIDATX.c<u....<....Y....I.....0..B...cx.......Q.....8G..R?.!0.F.h]0Z..:`.......u.c......b.Q.uK....x....8G..........P....Y....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\setReferencePointOffN.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:9B3ED6DEEF5865F2704BD06B0FE3D0FC
                  SHA1:5CEA8FE28EE05ED30D9DB6A59B9D3ACD25C9E542
                  SHA-256:60E56C6E4DA158248C0691A26529BC9E217117DB82DA7C78B48148760BFBB338
                  SHA-512:4AC1F75C3DCB253C6C4E4249862C5FDEDFCC8384C17509BFE8E43E9F6285F67E72CFB5D150F6BFD5172A5C010BE706979AC446264846A60F1C4BD8C2CA5AAD40
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....XIDATX.c...`..F\.`aa....s..).v1.t...Rp..I.,..4.+?.!0.Q..:`.....u............Q0.F8```...W..F.......IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\setReferencePointOnN.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:3299A1AA577059B85565E09C634070DB
                  SHA1:EC4CF400A8AB1E5C74FDE41E447C40E98A08A1AF
                  SHA-256:8DA7C98CC1147D5A22F78ACBD8868C4D04F33D8B00AC2B8D22F663551936B039
                  SHA-512:5E1040EE169266E9D2B2CAAB3DD8C888BF84B192F19ECAD1784D0620E4B3FD01EBE559322006EF64AE908A2F58480A6B59597E1CCBDA3DA6CC8236BBBB8768FB
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....XIDATX.c...`..F\.....?5...<..v1.t...R..cM..uK......u...F.0.Q..:`.......sJ....(..#.000.......M.f....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\showAllN-Invert.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:8930CCE4A5EA00DCEB880E791AEDE4A1
                  SHA1:7CFD3589E61E11584D6BC53CB70F172F265A9918
                  SHA-256:B9797023D6127FF4E9C2D361CB8771BD3654F5B2642E4E9D3CC7F921A559870B
                  SHA-512:5D05F44219227E33B26F69AC790D069F22910C116D747FD9DC785A7234732964EAC0A958948054E7D012DDEEC6623C845C966D13675A3596B767DA6AE2493D20
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....zTXtRaw profile type exif..x..V[..&..g.Y.....`..d.Y~.L._.....|..6X..T%........=E.4Y.1z\!......u.....+<?.....^....._`.....}{.../.[@...P...m..$|.i=...........(_.C..U.'......A.......(..aL"...k..9|!...p...3...v.....^s7.z...^..t..]..zoGv%D0..J...a..*e..h.?.8...).P.B..mw...v.@..uj..iG...'..;..$.OQ.h.9A.......f>c..7O.;.<W.L&..V.5we..v..>J.......Q..c(7..A./Nu.;.{... .@A.4..,~; 6.{m..Y0O}p.......E......G..H>1'".h. r.... U..:.....x..Ds.+.f.-.B%J.4.@.+.E..`......j..YK.....S.gTI.B..SJ.r*&.L-Z2.l%s..a.cN.[..8-..X]0...7..[..f[.....{..n{.K.*...\..ki.PJ-4m..f-..Qk]z..cO.z..Tm.....(.Y5Z............q.C3(..x....yh.B....g.P.j.C.JC1(...v:..+.Q7....._).t..rnH..{..B.Z......]88..q.aB..V...................A...z.jH{J.......i.......{6L........p8FV.1S+..G..Zs#......".....<..s._.z. 8w'vz.&t.:x..@.B?.l.H..F...W4I.A.\go..).....r....... zt7.{..)....=2x2.e.^`..];{..t...X5.t_p.].V^.j.L.o&.ns...~....../@......[..*..U....bKGD............

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\showAllN.png (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:D767C4469DE6516F21CF0139093F2C0D
                  SHA1:2C90730ED0A425A5F0506A69527ADA3B2438D231
                  SHA-256:4B3507D0D6ABFB87562ACAA0D05FD48069C9FC4700901E8CA838C6D032ECD161
                  SHA-512:4E4129723E152BCEF61F35AA0C2ADFDA49784D833A844817D8940399AF853E1D2B139C9E3169F85998B6D79EA28FDC092BC0B4CE9B3E71F56E0285615055E9FA
                  Malicious:false
                  Reputation:unknown
                  Preview:.PNG........IHDR... ... .....szz.....pHYs...%...%.IR$....KIDATX...M.0.......G............P&(L.6.#..+.p.1R..# +/...v@...R5......d2.....`...l...X..................J....q.^.m.RYQ..h......e.(v:.}w.;k[??.........9...T_2...!..:..V./..{..{......<3#;.Jf^.k.N.;*..9>.....;t.s...s.#..._.1.f;S.k.........J|..Q.-.^0.....qa...?A=+...'P.o./\..s"R1P....`.......|.<-........c.<..d2I.|..-}+.G.h....IEND.B`.

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\unins000.dat

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:InnoSetup Log BrightSlide {29BB97A8-45FC-480D-A789-DF0212601E9F}, version 0x418, 15856 bytes, 301389\37\user\376\, C:\Users\user\AppData\Roaming\Microsoft\Ad
                  Category:dropped
                  Size (bytes):15856
                  Entropy (8bit):3.7947217822479913
                  Encrypted:false
                  SSDEEP:
                  MD5:AB7CCF671B1C89C26C429A962789ECEC
                  SHA1:F140BA297A8AE4BB24454E78F23F327B38568FCA
                  SHA-256:B505CE0B926D2FFD2E6D8E6DAF3DB4BF96B0E9FC8F3A92611CF6AF22E3D79725
                  SHA-512:5ED1A5FE958FD21F74A3640EC4D4CE5A6567B12D88FC21BDB70013243ED0BB5356109B0B24C0EE17F2871369FAA681112837223F3B1F262D401FB65AD6C7ABF6
                  Malicious:false
                  Reputation:unknown
                  Preview:Inno Setup Uninstall Log (b)....................................{29BB97A8-45FC-480D-A789-DF0212601E9F}..........................................................................................BrightSlide.........................................................................................................................3....=..!...............................................................................................................IB..........."................3.0.1.3.8.9......c.a.l.i..r...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.A.d.d.I.n.s.\.B.r.i.g.h.t.C.a.r.b.o.n.\.B.r.i.g.h.t.S.l.i.d.e..................7.... ..........F...IFPS....'........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPR

                  C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\unins000.exe (copy)

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:EA37C7E16856B1E488C47CA5C6CBB351
                  SHA1:2C563D17224AE059852CED96C0E550FD82A29949
                  SHA-256:56D22FBEB6F394587921F7134A8143A26068C99EA9B28EDC49AF09C767E87B6D
                  SHA-512:D24C0038F3CEEB5BD3875996EB3701B18DF6A81CF8A2E95CA8C680A243AFD3407CA9DF0AAC5AACC43F28F8979BF8E6ACE27AB196A8B0DC911A9433FE167450BC
                  Malicious:false
                  Reputation:unknown
                  Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,.........hf,......p,...@...........................1...........@......@....................-.......-..9......X............................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,..*...&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......*-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc...X.............-.............@..@..............1.......0.............@..@........................................................

                  C:\Users\user\AppData\Roaming\Microsoft\Installer\{68AC05C9-7229-49B6-8984-60B9B6235670}\BrightSlide.exe

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:MS Windows icon resource - 4 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                  Category:dropped
                  Size (bytes):98056
                  Entropy (8bit):4.165824334276666
                  Encrypted:false
                  SSDEEP:
                  MD5:6F0A695679623DC783B020C4FA64B703
                  SHA1:B17EBCE54DBCB3934B3BFA9C28FCE31287912EF8
                  SHA-256:1BC14FF4AA2A288D6B9E40A2F5D771AA36F592B19FF266342066EA456208E411
                  SHA-512:95EF5C6D5C9C6304C6D9C82ED37CBD4C573DB764485F95597F3996EAE534BFCFEF95866BB7AEA66D7C3B82199EEE58830B54C6FBE5DB52436AA5A8073B16BA7D
                  Malicious:false
                  Reputation:unknown
                  Preview:............ ..#..F......... .(....$..@@.... .(B..8,.. .... .....`n...PNG........IHDR.............\r.f..#.IDATx...p]U...9........&(0.bS...'6..|..4.L.[i.-.P.4....|.m........<:.....(I....J*..P.R^y..FK).d.w...77...........7.77.~..^k.....X...)....X..83.3nT....].k.<......~.A.i.F....f.ZM......&{..;.k.eW..V-g|.y..]'{\..B..t6.3}.3X.y{P;.._...gH....n...`.i.Fm..\6...k...vh..#QP.........:.P.6.G....n3o.iU.}..eH.bfl..!+....A....... ..W..sf.e.1...e.Ge8....L...E.x...@DXF....-.....I"...._.-.....D..@......>|..@..R...$...Z.Q..../#.>..&hL_.....A....O..7....Xu..d..3.2?..h5..$..1v./.:o..^-...\o.7w..K. ..`..v9....+.r..g........!.p.4.j^f,c....?YXICC..G.............2.r....t`....6......a....V.c!"..B...0......y...~6.U......jo....lc.L,..Z].9.....V].......0:..+Q... S....;).'.a....)K..2!...n.>....VX.M!...a....n_n0+.G.>!.....mzUs..DIj....u.M.>..Qo.1...T....D..97.*...?.%i\)H.....w&..6.6hs....@J..R!....q... ..0..vr... $(;}E..q.!..@Y~B...J.H..u.5..6.....@.. ..2~...e..f...

                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrightSlide\Online Support.url

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:MS Windows 95 Internet shortcut text (URL=<https://brightcarbon.com/BrightSlide/>), ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):63
                  Entropy (8bit):4.621977098337152
                  Encrypted:false
                  SSDEEP:
                  MD5:765E1C0A2B08756C67ACE374CDE69837
                  SHA1:AF7CADE649715FF1485FD65633B101D65F022450
                  SHA-256:0B00B5DFBB263F15300B39A534EE2FA987B16B62BE9DEB679761826B6CAB1E1A
                  SHA-512:39CA981B3102CC1DC77260607E0B1AA00D30ED5F3A8A5FEEF3C1B835098013BA6D43DE6A65FFB6E2999218178E08ED009E6EBD6785E24471624E3A5F3B735BCC
                  Malicious:false
                  Reputation:unknown
                  Preview:[InternetShortcut]..URL=https://brightcarbon.com/BrightSlide/..

                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrightSlide\Uninstall BrightSlide.lnk

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\is-C2O7A.tmp\Setup_BrightSlide_1.0.9.tmp
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Jan 15 10:01:55 2025, mtime=Wed Jan 15 10:01:55 2025, atime=Wed Jan 15 10:01:46 2025, length=3235131, window=hide
                  Category:dropped
                  Size (bytes):1460
                  Entropy (8bit):4.79151510596358
                  Encrypted:false
                  SSDEEP:
                  MD5:E91C8E6C377534084F5FBDF0717DF51E
                  SHA1:6C5121AA752EE5660898193258FC297DD61E0ECB
                  SHA-256:8F632CF745C32D2A9FD402417DBC69078D41B5FE9E0FD939BF8C91C7CA5588D1
                  SHA-512:7C651B9742A1F33E7DFE847012AEE59ECB782885C974781713FD34B4FFF57CFE3656D8103E6423FCEBEBA4E689D020BDF7F57A3EA144776C1B2EBEAAC378CA57
                  Malicious:false
                  Reputation:unknown
                  Preview:L..................F.... .......<g...U..<g..7.:.<g..;]1.......................:..DG..Yr?.D..U..k0.&...&.........{4....p..<g...5..<g......t...CFSF..1.....FW.H..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FW.H/Z.X..............................A.p.p.D.a.t.a...B.V.1...../Z4X..Roaming.@......FW.H/Z4X..........................N...R.o.a.m.i.n.g.....\.1.....FW.K..MICROS~1..D......FW.H/Z.X..........................j0..M.i.c.r.o.s.o.f.t.....T.1.....FW.K..AddIns..>......FW.KFW.K....Q.....................j0..A.d.d.I.n.s.....b.1...../Z<X..BRIGHT~1..J....../Z<X/Z<X...........................Y.B.r.i.g.h.t.C.a.r.b.o.n.....`.1...../Z=X..BRIGHT~1..H....../Z<X/Z=X.............................B.r.i.g.h.t.S.l.i.d.e.....f.2.;]1./Z8X .unins000.exe..J....../Z<X/Z<X.............................u.n.i.n.s.0.0.0...e.x.e.......................-......................{.....C:\Users\user\AppData\Roaming\Microsoft\AddIns\BrightCarbon\BrightSlide\unins000.exe..%.R.e.m.o.v.e. .B.r.i.g.h.t.S.l.i.d.e. .f.r

                  C:\Windows\Fonts\BrightSlideAssets-Regular.otf

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:OpenType font data
                  Category:dropped
                  Size (bytes):4180
                  Entropy (8bit):6.276912927370271
                  Encrypted:false
                  SSDEEP:
                  MD5:D140C41BA603E1094A2665C7A6F243C8
                  SHA1:265D5B467B1A719BF21355ADBB51ED1C809B78C1
                  SHA-256:284FA22CB1734B8A87D0A9B84A5F4959A23BE0642BDA041E8ED79C1673CFEFA3
                  SHA-512:C9C485847CCC79CD01159B6B1E40445217A55CD02B2438D4AA013C4CEF187C488DE8FA19E43B42D80A321B91C310959E1B88914C7D7D3A7AB5D9CE05845A2003
                  Malicious:false
                  Reputation:unknown
                  Preview:OTTO.......0CFF .hG`........DSIG.......L....GSUB.......@....OS/2z.fA.......`cmap.$,........head.R2........6hhea.......p...$hmtx.F.{.......rmaxp..P.........nameC...........post...2....... ..P............^=..^_.<...........f6......f6.....................d...X...X...X...X.........................................e.......e...........e...........................................................................].......3.......3.......2.f............................UKWN... .<......................... .................&.............&...........8.........$.?...........c.........2.}.....................................................................L...........$.9...........].........H.k.........4...........d...........2.K.........".}.........".}.........(...........(..Copyright . 2019 by BrightCarbon Ltd..BrightSlide AssetsRegular1.103;UKWN;BrightSlideAssets-RegularBrightSlide Assets RegularVersion 1.103;hotconv 1.0.109;makeotfexe 2.5.65596BrightSlideAssets-RegularBrightCarbon Ltd.www.brightcar

                  C:\Windows\Installer\MSI4DAB.tmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):393888
                  Entropy (8bit):6.420645328557277
                  Encrypted:false
                  SSDEEP:
                  MD5:D23C9B725DC88A729250A65229E35B39
                  SHA1:112A859B1C905E6514E0F18A8A41EC6455CA617F
                  SHA-256:284E1B5AF1E6A57F776CD82093BE19820AB3C90CA1C4639C4B11F7A00A3E6877
                  SHA-512:E049AF99A7D4A265EB8CD9A2E31C4D387B8A42683D4A80FE935EAD8A95B1F456407129DAD241AA956FC6EBC2B3B52886A5668499D7F256232C3C372C70A8F465
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2...S...S...S...8...S...8..fS..2<...S..2<...S..2<...S...8...S...8...S...8...S...S...R...#...S...#...S...#i..S...S...S...#...S..Rich.S..................PE..L....%!_.........."!................*J.......................................0...........@.............................................0.......................PC..@)..p...................h*.......)..@............................................text..._........................... ..`.rdata..$...........................@..@.data...t...........................@....rsrc...0...........................@..@.reloc..PC.......D..................@..B................................................................................................................................................................................................................................................................................

                  C:\Windows\Installer\MSI4E4A.tmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):662886
                  Entropy (8bit):6.374078061346246
                  Encrypted:false
                  SSDEEP:
                  MD5:E97864E46E44088D28D7529B13CB7671
                  SHA1:C8B46AD0E69FBD3D074A28BB26C941665A2A5194
                  SHA-256:22FCF02A21537B2A3A672FFB8A98E9C6AB51F58329068593C82E772F4C78330C
                  SHA-512:30EFDF93F6EA54175158D45892F5D9B7D7935B3F27D51C0C7C0B2D2B85C3EAAC2288C37ED497DE45E083A8E5D290C9DD47FF543ADF91D85D8F374394260A639F
                  Malicious:false
                  Reputation:unknown
                  Preview:...@IXOS.@.....@@0/Z.@.....@.....@.....@.....@.....@......&.{68AC05C9-7229-49B6-8984-60B9B6235670}..BrightSlide Assets..BrightSlide Assets.msi.@.....@.....@.....@......BrightSlide.exe..&.{BEFE4E98-8143-4D7A-8348-E7CE415B24C8}.....@.....@.....@.....@.......@.....@.....@.......@......BrightSlide Assets......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{FFF2F492-33DD-4E46-A7D9-87B5EE380775}..C:\Windows\Fonts\.@.......@.....@.....@......&.{573C6F40-4E56-4707-AE35-18A68D6C9F52}4.01:\Software\BrightCarbon\BrightSlide Assets\Version.@.......@.....@.....@......&.{BCEC89C2-CC02-4173-8A76-6A47C263C8A7}..C:\Windows\Fonts\BrightSlideAssets-Regular.otf.@.......@.....@.....@......&.{A4BD72AD-48F4-45B8-ABEE-7C7851273AA1}d.01:\Software\Caphyon\Advanced Installer\LZMA\{68AC05C9-7229-49B6-8984-60B9B6235670}\1.0.1\AI_ExePath.@.......@.....@.....@........CreateFolders..Creati

                  C:\Windows\Installer\MSI4ED9.tmp

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):558232
                  Entropy (8bit):6.440995707786409
                  Encrypted:false
                  SSDEEP:
                  MD5:C7190F385147C4C510F0801AD68D7E29
                  SHA1:61BDFE36FA91224C7560DDC3111E0CCB4BD6FF26
                  SHA-256:791AB32F5B3A81CA520B55CECAD6BEC35FFA215148F1C9F979EFADECBBA4BA82
                  SHA-512:862C7F8BA3CF4376A3ADEED3E61435DD15F9CB0B9D8DD2C679DA564CD33428FE29C24838E6987374AACE731B9C69E55DB002E73563E185F07CF456FB72452C45
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b....@...@...@..hC...@..hE.w.@..lD...@..lC...@..lE..@..hD...@..hG...@..hA...@...A...@.WsI..@.Ws@...@.Ws....@.......@.WsB...@.Rich..@.................PE..L....%!_.........."!................................................................+.....@.............................<...<........0..h............j.......@...Y...C..p...................pC......P$..@...............X.......@....................text............................... ..`.rdata..0...........................@..@.data... ...........................@....rsrc...h....0......................@..@.reloc...Y...@...Z..................@..B................................................................................................................................................................................................................................................................................

                  C:\Windows\Installer\SourceHash{68AC05C9-7229-49B6-8984-60B9B6235670}

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):1.1948458663998553
                  Encrypted:false
                  SSDEEP:
                  MD5:B894F0B9D80420FBF51527F09A1F896C
                  SHA1:13DB2C05F56B0C4BE64BC8B3CA27414AF40CD000
                  SHA-256:E30F4B26FF4DD0C616409A5EEBAB4BCB07AD2656F6D053075B22A68E7FED31F6
                  SHA-512:F6EDCD1E0C786B6D0E55C3733DE0510983A8B8FCC0F1D659209A171737364CCDDE0559ABFD6C7257FB8E433032BAC8DCE8D379EDDCEDA65031CB1C651A8EC7D9
                  Malicious:false
                  Reputation:unknown
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):454234
                  Entropy (8bit):5.356156109679213
                  Encrypted:false
                  SSDEEP:
                  MD5:A9016BBAE8835E2688BC97C519BDAA9D
                  SHA1:989CE47F2720C7A52B7FC543672DC26B10F056C7
                  SHA-256:1FC29E22AF8464E83A40CEFAE6AB14AF2649173D76D437B5835AEED758A5BC56
                  SHA-512:932557E1BEFEC45BB09E6D909DECC5BFB8540DBE8CF09B411B9FB7FEEF6DF814AE1A19B36309FE330FEC65153501B092DE9E559A6B87959653FBA2829A37A90F
                  Malicious:false
                  Reputation:unknown
                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                  C:\Windows\Temp\~DF08073256A57EAD28.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):73728
                  Entropy (8bit):0.15928566691958004
                  Encrypted:false
                  SSDEEP:
                  MD5:40AF5990B1A6023C1E9B9A8CEE3202B6
                  SHA1:3811999AA2105EF946F014D92B445D9D699235CF
                  SHA-256:3EAD3C592B683FA6024A52488FD5289A1EE627CAFD450E04E9A1BA9ABA32A934
                  SHA-512:67C3796AD1821FC6A378576180954D2D1892CEACF093F21D02380F47EFD233BE922DC1858050EDDA41A757E75B8CD0ED47CEC542DAC5871955AA03AF64AE59B7
                  Malicious:false
                  Reputation:unknown
                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DF1799607C1D90CC95.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):1.2964754473414957
                  Encrypted:false
                  SSDEEP:
                  MD5:0096EA7E4099300184F0B753D0775AC7
                  SHA1:F404A33B714D1E00F114A979896C9F80962D2779
                  SHA-256:91D5278F98E487AC89894586A8783D0C641D7C04B338EF1CC1EB32216EFD864E
                  SHA-512:A4FB0BF3817E9E0EDF7370E17673709E8596CF87AF3D3A9CC171A330C5B01C684BA7ED8869D56D368BE563A1C634883F6DD77FF41294CA38249594551A3A6894
                  Malicious:false
                  Reputation:unknown
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DF3A00DD374252B847.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):0.08922470518440814
                  Encrypted:false
                  SSDEEP:
                  MD5:DA11D6942DA54BA51C84D7D0C9552CB8
                  SHA1:4BF0556E0AC36D29CC4A997415F876D7EA8F26C2
                  SHA-256:B0854B62D0910C10B66D5048558EDA927AD3CF2214B344B15719E34439770187
                  SHA-512:C8CEBB6A1D53673A71203ADE5DE06EE12D832DA0FDCCDF683E6FAE989F390239E976DA3F267C74586212F3BB988BCD9A22A8A54E0B1A29F3F122690A157C64B8
                  Malicious:false
                  Reputation:unknown
                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DF53A8475C70358134.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):1.6248501168316505
                  Encrypted:false
                  SSDEEP:
                  MD5:A4CC446AB9D2E1993F3E0703100593A2
                  SHA1:298F89BB09A2FD8EA8D1EA88D22A83441D4848BF
                  SHA-256:5642CB3A061B202F36DDFFD0CF5016A0B34D97A2912546AD7A1F4ACA657896DF
                  SHA-512:E289F0684D404CF329986AD3F67F73B93145C5F6305AADB9346C3988F7E2B1E1D6759BDBC87AC0F4DF8739F0FA8E31DD292359F698F84BA79152C46B63BAEB2F
                  Malicious:false
                  Reputation:unknown
                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Windows\Temp\~DF926F107CB9C02A14.TMP

                  Download File
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  Reputation:unknown
                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  Static File Info

                  General

                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Entropy (8bit):7.95422888555756
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 98.45%
                  • Inno Setup installer (109748/4) 1.08%
                  • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                  • Win16/32 Executable Delphi generic (2074/23) 0.02%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  File name:Setup_BrightSlide_1.0.9.exe
                  File size:8'430'600 bytes
                  MD5:65b4fe10012bde699554a767c31c2416
                  SHA1:eef1e709334083b0a95a64566aa3bec910827b86
                  SHA256:d07cdeea86a5d640d77d6a99aefadb541278ee113b3f6d3cf744b490c9bfebea
                  SHA512:b4f90d01d665aae2fdc3d752e2a5f80e09fe06f6d2b5b2e623e10720ca4176a88786adb898ebdfee09d032686b5cadea7d01cef6e2434cd0620eff1f8995254a
                  SSDEEP:196608:szb2X4gdvxpGV1+vF9Cqv5SlSW9P2kLv3Ct:1vxpGDeF9Jotu1t
                  TLSH:3686123BA174656FC45E9A31097282106E377F616C2ABC1A07F83B1CCF625B02EFB655
                  File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                  File Icon

                  Icon Hash:1767170b2bccf027

                  Static PE Info

                  General

                  Entrypoint:0x4b5eec
                  Entrypoint Section:.itext
                  Digitally signed:true
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Time Stamp:0x63ECF218 [Wed Feb 15 14:54:16 2023 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:6
                  OS Version Minor:1
                  File Version Major:6
                  File Version Minor:1
                  Subsystem Version Major:6
                  Subsystem Version Minor:1
                  Import Hash:e569e6f445d32ba23766ad67d1e3787f

                  Authenticode Signature

                  Signature Valid:true
                  Signature Issuer:CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
                  Signature Validation Error:The operation completed successfully
                  Error Number:0
                  Not Before, Not After
                  • 01/08/2022 02:00:00 01/08/2025 01:59:59
                  Subject Chain
                  • CN=BrightCarbon Inc., O=BrightCarbon Inc., S=Massachusetts, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Massachusetts, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=001103876
                  Version:3
                  Thumbprint MD5:A3355E0FBF5129E6ED35661FC206B30A
                  Thumbprint SHA-1:E1B4BAF7A55DD2DF9593C27264552360B1FE0FBB
                  Thumbprint SHA-256:B5906FA9B10D4ADB7F26E0E42A2A6C152C632616B67C69326DEFDA1D04E52D72
                  Serial:00EC389B600D048A3F35E95FC73F797CF1

                  Entrypoint Preview

                  Instruction
                  push ebp
                  mov ebp, esp
                  add esp, FFFFFFA4h
                  push ebx
                  push esi
                  push edi
                  xor eax, eax
                  mov dword ptr [ebp-3Ch], eax
                  mov dword ptr [ebp-40h], eax
                  mov dword ptr [ebp-5Ch], eax
                  mov dword ptr [ebp-30h], eax
                  mov dword ptr [ebp-38h], eax
                  mov dword ptr [ebp-34h], eax
                  mov dword ptr [ebp-2Ch], eax
                  mov dword ptr [ebp-28h], eax
                  mov dword ptr [ebp-14h], eax
                  mov eax, 004B14B8h
                  call 00007FED8063E995h
                  xor eax, eax
                  push ebp
                  push 004B65E2h
                  push dword ptr fs:[eax]
                  mov dword ptr fs:[eax], esp
                  xor edx, edx
                  push ebp
                  push 004B659Eh
                  push dword ptr fs:[edx]
                  mov dword ptr fs:[edx], esp
                  mov eax, dword ptr [004BE634h]
                  call 00007FED806E1487h
                  call 00007FED806E0FDAh
                  lea edx, dword ptr [ebp-14h]
                  xor eax, eax
                  call 00007FED80654434h
                  mov edx, dword ptr [ebp-14h]
                  mov eax, 004C1D84h
                  call 00007FED80639587h
                  push 00000002h
                  push 00000000h
                  push 00000001h
                  mov ecx, dword ptr [004C1D84h]
                  mov dl, 01h
                  mov eax, dword ptr [004238ECh]
                  call 00007FED806555B7h
                  mov dword ptr [004C1D88h], eax
                  xor edx, edx
                  push ebp
                  push 004B654Ah
                  push dword ptr fs:[edx]
                  mov dword ptr fs:[edx], esp
                  call 00007FED806E150Fh
                  mov dword ptr [004C1D90h], eax
                  mov eax, dword ptr [004C1D90h]
                  cmp dword ptr [eax+0Ch], 01h
                  jne 00007FED806E772Ah
                  mov eax, dword ptr [004C1D90h]
                  mov edx, 00000028h
                  call 00007FED80655EACh
                  mov edx, dword ptr [004C1D90h]

                  Data Directories

                  NameVirtual AddressVirtual Size Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT0xc40000x9a.edata
                  IMAGE_DIRECTORY_ENTRY_IMPORT0xc20000xfdc.idata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x1b360.rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                  IMAGE_DIRECTORY_ENTRY_SECURITY0x8074e00x2f28
                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                  IMAGE_DIRECTORY_ENTRY_TLS0xc60000x18.rdata
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IAT0xc22f40x254.idata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0xc30000x1a4.didata
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                  Sections

                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                  .text0x10000xb39e40xb3a0043af0a9476ca224d8e8461f1e22c94daFalse0.34525867693110646data6.357635049994181IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .itext0xb50000x16880x1800185e04b9a1f554e31f7f848515dc890cFalse0.54443359375data5.971425428435973IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .data0xb70000x37a40x3800cab2107c933b696aa5cf0cc6c3fd3980False0.36097935267857145data5.048648594372454IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .bss0xbb0000x6de80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .idata0xc20000xfdc0x1000e7d1635e2624b124cfdce6c360ac21cdFalse0.3798828125data5.029087481102678IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .didata0xc30000x1a40x2008ced971d8a7705c98b173e255d8c9aa7False0.345703125data2.7509822285969876IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .edata0xc40000x9a0x2008d4e1e508031afe235bf121c80fd7d5fFalse0.2578125data1.877162954504408IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .tls0xc50000x180x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .rdata0xc60000x5d0x2008f2f090acd9622c88a6a852e72f94e96False0.189453125data1.3838943752217987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .rsrc0xc70000x1b3600x1b4008147cd4bc8c940b7e3d2907167aeb0d9False0.17388188073394495data4.441847550385552IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                  Resources

                  NameRVASizeTypeLanguageCountryZLIB Complexity
                  RT_ICON0xc74c80x23caPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9926871862038856
                  RT_ICON0xc98940x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.04600437714420916
                  RT_ICON0xda0bc0x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.09093056211620218
                  RT_ICON0xde2e40x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.18855534709193245
                  RT_STRING0xdf38c0x360data0.34375
                  RT_STRING0xdf6ec0x260data0.3256578947368421
                  RT_STRING0xdf94c0x45cdata0.4068100358422939
                  RT_STRING0xdfda80x40cdata0.3754826254826255
                  RT_STRING0xe01b40x2d4data0.39226519337016574
                  RT_STRING0xe04880xb8data0.6467391304347826
                  RT_STRING0xe05400x9cdata0.6410256410256411
                  RT_STRING0xe05dc0x374data0.4230769230769231
                  RT_STRING0xe09500x398data0.3358695652173913
                  RT_STRING0xe0ce80x368data0.3795871559633027
                  RT_STRING0xe10500x2a4data0.4275147928994083
                  RT_RCDATA0xe12f40x10data1.5
                  RT_RCDATA0xe13040x2c4data0.6384180790960452
                  RT_RCDATA0xe15c80x2cdata1.2045454545454546
                  RT_GROUP_ICON0xe15f40x3edataEnglishUnited States0.8709677419354839
                  RT_VERSION0xe16340x584dataEnglishUnited States0.29249291784702547
                  RT_MANIFEST0xe1bb80x7a8XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.3377551020408163

                  Imports

                  DLLImport
                  kernel32.dllGetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                  comctl32.dllInitCommonControls
                  version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                  user32.dllCreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                  oleaut32.dllSysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                  netapi32.dllNetWkstaGetInfo, NetApiBufferFree
                  advapi32.dllConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, AdjustTokenPrivileges, GetTokenInformation, ConvertSidToStringSidW, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

                  Exports

                  NameOrdinalAddress
                  TMethodImplementationIntercept30x4541a8
                  __dbk_fcall_wrapper20x40d0a0
                  dbkFCallWrapperAddr10x4be63c

                  Possible Origin

                  Language of compilation systemCountry where language is spokenMap
                  EnglishUnited States